Skip to content

Commit

Permalink
Fix CSP issue blocking Sentry requests in Traefik configuration
Browse files Browse the repository at this point in the history 
The Content Security Policy (CSP) was updated to resolve the issue that
was blocking Sentry requests. Previously, the `connect-src` directive
did not include wildcard entries for Sentry endpoints, causing POST
requests to the Sentry API to fail. The configuration was adjusted to
permit requests to any instance of Sentry under the `*.ingest.sentry.io`
domain. This change ensures that error tracking and monitoring via
Sentry can function correctly, as required by the user story. The
updated CSP also maintains security best practices and has been tested
to confirm successful transmission of error data to Sentry.
  • Loading branch information
@placek
placek committed Jun 20, 2024
1 parent 8a91ce2 commit b18c87d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion scripts/govtool/config/templates/docker-compose.yml.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -273,7 +273,7 @@ services:
logging: *logging
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.frontend-csp.headers.contentSecurityPolicy=default-src 'self'; img-src *.usersnap.com https://www.googletagmanager.com 'self' data:; script-src *.usersnap.com 'self' https://www.googletagmanager.com https://browser.sentry-cdn.com; style-src *.usersnap.com *.googleapis.com 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com/upload.usersnap.com 'self' o4506155985141760.ingest.sentry.io *.google-analytics.com *.api.pdf.gov.tools; font-src *.usersnap.com *.gstatic.com 'self' https://fonts.gstatic.com data:; worker-src blob:"
- "traefik.http.middlewares.frontend-csp.headers.contentSecurityPolicy=default-src 'self'; img-src *.usersnap.com https://www.googletagmanager.com 'self' data:; script-src *.usersnap.com 'self' https://www.googletagmanager.com https://browser.sentry-cdn.com; style-src *.usersnap.com *.googleapis.com 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com/upload.usersnap.com 'self' *.ingest.sentry.io *.google-analytics.com *.api.pdf.gov.tools; font-src *.usersnap.com *.gstatic.com 'self' https://fonts.gstatic.com data:; worker-src blob:"
- "traefik.http.routers.to-frontend.rule=Host(`<DOMAIN>`)"
- "traefik.http.routers.to-frontend.entrypoints=websecure"
- "traefik.http.routers.to-frontend.tls.certresolver=myresolver"
Expand Down

0 comments on commit b18c87d

Please sign in to comment.