Add Content-Security-Policy header to nginx config (#434)
* Add Content-Security-Policy header to nginx config

* Try to use newer version of python for test workflow

* Downgrade the setuptools version to install demjson

* Add wheel installation step

* Use ubuntu-20.04 for github action runner

* Add trusted host workaround for tests workflow

* Freeze setuptools version to 57.4.0

* Use setuptools<58

* Use quotes for "setuptools<58"

* Add wheel installation

* Revert workflow changes and update changelog

---------

Co-authored-by: Vladyslav Tymofeiev <“[email protected]”>
VladyslavTy and Vladyslav Tymofeiev authored Aug 13, 2024
1 parent 5be75c8 commit 6a43843
Showing 4 changed files with 12 additions and 1 deletion.
2 changes: 2 additions & 0 deletions .github/workflows/playbook-test.yml
@@ -27,6 +27,8 @@ jobs:
uses: actions/setup-python@v3
with:
python-version: ${{ matrix.python-version }}
env:
PIP_TRUSTED_HOST: "pypi.python.org pypi.org files.pythonhosted.org"
- name: Install Dependencies
run: |
pip install demjson
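Review bot: the `env:` block carrying `PIP_TRUSTED_HOST` is attached to the `actions/setup-python@v3` step, so it is not in effect for the following `Install Dependencies` step where `pip install demjson` actually runs; if the workaround is really needed it has to sit on that step (or at job level). It also deserves scrutiny on its own merits: pip treats a trusted host as trusted even when it presents no valid HTTPS certificate, so listing `pypi.org` and `files.pythonhosted.org` switches off the TLS check that protects every package download in the job, which is a supply-chain exposure, not a harmless CI tweak. The last entry of the commit message says the workflow changes were reverted, yet this hunk still lands; either drop it or state in the commit why it is required.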
2 changes: 1 addition & 1 deletion .github/workflows/syntax-test.yml
@@ -33,4 +33,4 @@ jobs:
pip install -r requirements.txt
- name: Run Make test.syntax
run: |
timeout 90m make --keep-going test.syntax
timeout 90m make --keep-going test.syntax
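Review bot: the removed and added lines in `syntax-test.yml` are identical as rendered, so this is a whitespace-only change (most likely a trailing newline at end of file). It is harmless, but the commit message says the workflow changes were reverted, so either drop it from this commit or keep it as a separate cleanup so the diff matches the message.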
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,10 @@
All notable changes to this project will be documented in this file.
Add any new changes to the top(right below this line).

- Role: nginx
- Add the possibility to add the header `Content-Security-Policy frame-ancestors`. This is configured by the
EDXAPP_LMS_IFRAME_ENABLED switcher and EDXAPP_LMS_FRAME-ANCESTORS value.

- Role: edxapp BREAKING_CHANGE
- The sandbox environment that runs instructor written python code used to run python 2.7. We update the default to
python 3.5 but provide a new variable to be able to go back to the old setting. If `edxapp_sandbox_python_version`
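Review bot: the variable name `EDXAPP_LMS_FRAME-ANCESTORS` in the new changelog entry contains a hyphen, which is not a valid Ansible/Jinja2 variable name (inside `{{ }}` it is parsed as the subtraction `EDXAPP_LMS_FRAME - ANCESTORS`), so an operator following this entry cannot actually set the value; rename it to an underscore form such as `EDXAPP_LMS_FRAME_ANCESTORS` here and in the template. The entry also describes a header named `Content-Security-Policy frame-ancestors`; the header is `Content-Security-Policy` and `frame-ancestors` is one of its directives. "switcher" should read "switch", and the entry would be more useful if it stated the default of both variables and the expected format of the value (a space-separated list of origins as accepted by `frame-ancestors`).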
@@ -121,6 +121,11 @@ error_page {{ k }} {{ v }};
# prevent the browser from doing MIME-type sniffing
add_header X-Content-Type-Options nosniff;

{% if EDXAPP_LMS_IFRAME_ENABLED %}
# Allow iFrame for the provided hosts
add_header Content-Security-Policy "frame-ancestors 'self' {{ EDXAPP_LMS_FRAME-ANCESTORS }}";
{% endif %}

# Prevent invalid display courseware in IE 10+ with high privacy settings
add_header P3P '{{ NGINX_P3P_MESSAGE }}';

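Review bot: `{{ EDXAPP_LMS_FRAME-ANCESTORS }}` will not render as intended: Jinja2 reads the hyphen as a subtraction between two variables `EDXAPP_LMS_FRAME` and `ANCESTORS`, so with `EDXAPP_LMS_IFRAME_ENABLED` true the template either fails on an undefined variable or emits a bogus value into the header; use an underscore name such as `EDXAPP_LMS_FRAME_ANCESTORS`. Three further points on the directive itself. First, when the switch is off nothing is emitted, so this template gives the LMS no `frame-ancestors` restriction at all in the default case, which is exactly the case that should carry clickjacking protection; consider an `{% else %}` branch emitting `frame-ancestors 'self'` (or `'none'`) unless an `X-Frame-Options` header is guaranteed elsewhere, which this hunk does not show. Second, `add_header` without the `always` parameter is only applied to 2xx/3xx responses, so error pages (the `error_page` mapping just above) are served without the policy; `add_header Content-Security-Policy "frame-ancestors 'self' ..." always;` closes that gap. Third, the value is interpolated unescaped into a double-quoted nginx string, so a value containing `"` or `;` breaks the generated config; either document the accepted format or escape the value in the template.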