Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Livechat CSP whitelist validation #29278

Merged
merged 3 commits into from
May 18, 2023
Merged

fix: Livechat CSP whitelist validation #29278

merged 3 commits into from
May 18, 2023

Conversation

aleksandernsilva
Copy link
Contributor

@aleksandernsilva aleksandernsilva commented May 17, 2023
edited by jira bot
Loading

Proposed changes (including videos or screenshots)

This PR fixes the Livechat CSP validation, which was incorrectly blocking access to the widget for all non whitelisted domains.

Issue(s)

SUP-235

Steps to test or reproduce

Further comments

@aleksandernsilva aleksandernsilva added this to the 6.3.0 milestone May 17, 2023
@aleksandernsilva aleksandernsilva self-assigned this May 17, 2023
@changeset-bot
Copy link

changeset-bot bot commented May 17, 2023
edited
Loading

🦋 Changeset detected

Latest commit: 509e797

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 23 packages
Name Type
@rocket.chat/meteor Patch
@rocket.chat/core-typings Patch
@rocket.chat/rest-typings Patch
@rocket.chat/api-client Patch
@rocket.chat/core-services Patch
@rocket.chat/cron Patch
@rocket.chat/model-typings Patch
@rocket.chat/ui-contexts Patch
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/stream-hub-service Patch
@rocket.chat/omnichannel-services Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/presence Patch
rocketchat-services Patch
@rocket.chat/ddp-client Patch
@rocket.chat/fuselage-ui-kit Patch
@rocket.chat/models Patch
@rocket.chat/instance-status Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@KevLehman KevLehman changed the title fix: Fixed livechat csp whitelist validation fix: Livechat CSP whitelist validation May 17, 2023
KevLehman
KevLehman previously approved these changes May 17, 2023
View reviewed changes
MartinSchoeler
MartinSchoeler previously approved these changes May 17, 2023
View reviewed changes
@codecov
Copy link

codecov bot commented May 17, 2023
edited
Loading

Codecov Report

Merging #29278 (a325b23) into develop (3ad30b4) will increase coverage by 15.92%.
The diff coverage is n/a.

❗ Current head a325b23 differs from pull request most recent head 509e797. Consider uploading reports for the commit 509e797 to get more accurate results

Impacted file tree graph

@@             Coverage Diff              @@
##           develop   #29278       +/-   ##
============================================
+ Coverage    30.92%   46.84%   +15.92%     
============================================
  Files          575      707      +132     
  Lines        10825    13234     +2409     
  Branches      1976     2217      +241     
============================================
+ Hits          3348     6200     +2852     
+ Misses        7268     6720      -548     
- Partials       209      314      +105
Flag Coverage Δ
e2e 46.81% <ø> (+15.88%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@aleksandernsilva aleksandernsilva marked this pull request as ready for review May 17, 2023 23:33
@aleksandernsilva aleksandernsilva requested a review from a team as a code owner May 17, 2023 23:33
@kodiakhq kodiakhq bot dismissed stale reviews from MartinSchoeler and KevLehman via a325b23 May 18, 2023 18:50
@dionisio-bot dionisio-bot bot added stat: ready to merge PR tested and approved waiting for merge and removed stat: needs QA labels May 18, 2023
@aleksandernsilva aleksandernsilva removed the stat: ready to merge PR tested and approved waiting for merge label May 18, 2023
@dionisio-bot dionisio-bot bot added the stat: ready to merge PR tested and approved waiting for merge label May 18, 2023
@dionisio-bot dionisio-bot bot added stat: ready to merge PR tested and approved waiting for merge and removed stat: ready to merge PR tested and approved waiting for merge labels May 18, 2023
@sampaiodiego sampaiodiego merged commit 1702461 into develop May 18, 2023
@sampaiodiego sampaiodiego deleted the fix/livechat-csp branch May 18, 2023 21:11
This was referenced May 18, 2023
Open
Open
@sampaiodiego sampaiodiego removed this from the 6.3.0 milestone May 19, 2023
@sampaiodiego sampaiodiego added this to the 6.2.2 milestone May 19, 2023
sampaiodiego pushed a commit that referenced this pull request May 19, 2023
@aleksandernsilva @sampaiodiego
fix: Livechat CSP whitelist validation (#29278)
3d1b305
@sampaiodiego sampaiodiego mentioned this pull request May 19, 2023
Merged
This was referenced May 20, 2023
Closed
Open
gabriellsh added a commit that referenced this pull request May 23, 2023
@gabriellsh
Merge branch 'develop' of github.com:RocketChat/Rocket.Chat into fix/…
a3de2dc 
…memberList

* 'develop' of github.com:RocketChat/Rocket.Chat: (72 commits)
  fix: respect useEmoji pref on messages (#28975)
  chore: Move 2fa challenge handler to rest api package (#29263)
  refactor(integrations): Replace Fibers dependency by Deasync (#29081)
  chore: improve server stream typings (#29128)
  fix: Livechat `CSP` whitelist validation (#29278)
  chore: `ListItem` stories (#29251)
  regression(push): fix error when adding headers to send push notification (#29287)
  fix: Handle login services errors (#28795)
  chore: skip hook if HUSKY env var is set to 0 (#29283)
  ci: skip husky hooks on ci (#29279)
  chore: Add `roomName` on Composer placeholder (#29255)
  regression: fix console warnings (#29277)
  ci: fix Release Task
  chore: Add Changesets (#29275)
  feat(Marketplace): Scroll to the top of the marketplace apps list when page changed (#29095)
  fix: Members/Channels list infinite scroll (#28636)
  test: use local httpbin container on github CI's (#29067)
  Bump vm2 version 3.9.19 (#29258)
  i18n: Language update from LingoHub 🤖 on 2023-05-16Z (#29252)
  chore: Composer missing scrollbar color (#29256)
  ...
This was referenced May 25, 2023
Open
Open
This was referenced Jun 13, 2023
Open
Closed
Open
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KevLehman KevLehman KevLehman approved these changes

@ggazzo ggazzo ggazzo approved these changes

@MartinSchoeler MartinSchoeler MartinSchoeler left review comments

Assignees

@aleksandernsilva aleksandernsilva

Labels
squad: omnichannel stat: QA tested stat: ready to merge PR tested and approved waiting for merge
Projects
None yet
Milestone
6.2.2
Development

Successfully merging this pull request may close these issues.
5 participants
@aleksandernsilva @ggazzo @KevLehman @MartinSchoeler @sampaiodiego