Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Override CSP for ThreatMetrix based on feature-specific config #11678

Open
wants to merge 18 commits into
base: main
Choose a base branch
from

Conversation

aduth
Copy link
Member

@aduth aduth commented Dec 19, 2024

🎫 Ticket

Supports LG-15302

🛠 Summary of changes

Moves feature flag check from shared ThreatMetrixConcern to individual controllers, so that overriding CSP for account creation is not dependent on profiling collection being enabled for identity proofing.

Temporarily merges to LG-15203-move-threatmetrix-call-to-mfa-selection as base, with intent to rebase against main once #11654 is merged.

📜 Testing Plan

Verify build passes.

Verify that CSP override occurs on MFA setup screen when account creation profiling collection is enabled and identity proofing device profiling collection is disabled.

# config/application.yml
development:
  account_creation_device_profiling: collect_only
  proofing_device_profiling: disabled

@aduth aduth requested review from matthinz, mdiarra3 and a team December 19, 2024 20:37
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Easier to review this file with whitespace changes hidden: https://github.com/18F/identity-idp/pull/11678/files?w=1

Base automatically changed from LG-15203-move-threatmetrix-call-to-mfa-selection to main December 23, 2024 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants