Add missing OneTrust policy to affected controllers
Some controllers have been missing OneTrust Content Security Policies, which caused errors on the front end (requests were blocked).
Related to #345442
Verifying
Is a bit tricky.
- apply patch
diff --git a/app/controllers/concerns/one_trust_csp.rb b/app/controllers/concerns/one_trust_csp.rb
index cd35eeb587c..1a90b0e1f1a 100644
--- a/app/controllers/concerns/one_trust_csp.rb
+++ b/app/controllers/concerns/one_trust_csp.rb
@@ -5,7 +5,7 @@ module OneTrustCSP
included do
content_security_policy do |policy|
- next unless helpers.one_trust_enabled? || policy.directives.present?
+ # next unless helpers.one_trust_enabled? || policy.directives.present?
default_script_src = policy.directives['script-src'] || policy.directives['default-src']
script_src_values = Array.wrap(default_script_src) | ["'unsafe-eval'", 'https://cdn.cookielaw.org', 'https://*.onetrust.com']
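Review bot: With the `next unless helpers.one_trust_enabled? || policy.directives.present?` guard commented out, the block appends `'unsafe-eval'`, `https://cdn.cookielaw.org` and `https://*.onetrust.com` to `script-src` on every controller that includes the concern, whether or not OneTrust is enabled. That is fine as a local verification aid but must not reach the branch; enabling OneTrust in local settings would exercise the real guard instead of bypassing it. Separately, the original condition uses `||`, so it already proceeds whenever directives are present even if OneTrust is off; worth confirming that is intended, since it widens `script-src` with `'unsafe-eval'` in that case.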
diff --git a/app/views/layouts/_one_trust.html.haml b/app/views/layouts/_one_trust.html.haml
index 4fab017d273..225e5cfa42d 100644
--- a/app/views/layouts/_one_trust.html.haml
+++ b/app/views/layouts/_one_trust.html.haml
@@ -1,5 +1,5 @@
-- if one_trust_enabled?
- - one_trust_id = sanitize(extra_config.one_trust_id, scrubber: Rails::Html::TextOnlyScrubber.new)
+- if true # one_trust_enabled?
+ - one_trust_id = '23412f213t1g2' #sanitize(extra_config.one_trust_id, scrubber: Rails::Html::TextOnlyScrubber.new)
<!-- OneTrust -->
= javascript_include_tag "https://cdn.cookielaw.org/consent/#{one_trust_id}/OtAutoBlock.js"
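Review bot: The hard-coded `one_trust_id = '23412f213t1g2'` line, together with `if true`, bypasses both the `one_trust_enabled?` check and the `sanitize(..., scrubber: Rails::Html::TextOnlyScrubber.new)` call on a value that is interpolated into the `javascript_include_tag` URL. For verification it would be safer to set `extra_config.one_trust_id` in the local configuration so the sanitized path is the one being tested, and to keep this hunk out of the merge request itself.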
- visit affected pages to make sure there is no described error present
  - /-/profile/usage_quotas
  - /users/sign_up/welcome
  - /groups/flightjs/-/usage_quotas
Edited by Niko Belokolodov