Merge pull request #375 from badgerwithagun/master

Permit Github API in CSP
gruelbox · May 27, 2019 · d4e726f · d4e726f
2 parents 733d02e + a77ce34
commit d4e726f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/orko-app/src/main/java/com/gruelbox/orko/app/monolith/ClientSecurityHeadersFilter.java b/orko-app/src/main/java/com/gruelbox/orko/app/monolith/ClientSecurityHeadersFilter.java
@@ -64,7 +64,7 @@ class ClientSecurityHeadersFilter extends AbstractHttpServletFilter {
           + "script-src 'self' https://*.tradingview.com; "
           + "img-src 'self' data:; "
           + "frame-src 'self' https://*.tradingview.com; "
-          + "connect-src 'self' " + wssUri.toString() + "; "
+          + "connect-src 'self' https://api.github.com " + wssUri.toString() + "; "
           + "manifest-src 'self'; "
           + "frame-ancestors 'self';";
     });

diff --git a/orko-app/src/test/java/com/gruelbox/orko/app/monolith/TestClientSecurityHeadersFilter.java b/orko-app/src/test/java/com/gruelbox/orko/app/monolith/TestClientSecurityHeadersFilter.java
@@ -71,7 +71,7 @@ public void testClientSecurityHeadersFilter() throws IOException, ServletExcepti
       + "script-src 'self' https://*.tradingview.com; "
       + "img-src 'self' data:; "
       + "frame-src 'self' https://*.tradingview.com; "
-      + "connect-src 'self' ws://gruelbox.com; "
+      + "connect-src 'self' https://api.github.com ws://gruelbox.com; "
       + "manifest-src 'self'; "
       + "frame-ancestors 'self';");
   }
@@ -90,7 +90,7 @@ public void testWss() throws IOException, ServletException {
       + "script-src 'self' https://*.tradingview.com; "
       + "img-src 'self' data:; "
       + "frame-src 'self' https://*.tradingview.com; "
-      + "connect-src 'self' wss://gruelbox.com; "
+      + "connect-src 'self' https://api.github.com wss://gruelbox.com; "
       + "manifest-src 'self'; "
       + "frame-ancestors 'self';");
   }
@@ -109,7 +109,7 @@ public void testIe10Ws() throws IOException, ServletException {
       + "script-src 'self' https://*.tradingview.com; "
       + "img-src 'self' data:; "
       + "frame-src 'self' https://*.tradingview.com; "
-      + "connect-src 'self' ws://github.com; "
+      + "connect-src 'self' https://api.github.com ws://github.com; "
       + "manifest-src 'self'; "
       + "frame-ancestors 'self';");
   }
@@ -129,7 +129,7 @@ public void testIe10Wss() throws IOException, ServletException {
       + "script-src 'self' https://*.tradingview.com; "
       + "img-src 'self' data:; "
       + "frame-src 'self' https://*.tradingview.com; "
-      + "connect-src 'self' wss://github.com; "
+      + "connect-src 'self' https://api.github.com wss://github.com; "
       + "manifest-src 'self'; "
       + "frame-ancestors 'self';");
   }
@@ -148,7 +148,7 @@ public void testIe11Ws() throws IOException, ServletException {
       + "script-src 'self' https://*.tradingview.com; "
       + "img-src 'self' data:; "
       + "frame-src 'self' https://*.tradingview.com; "
-      + "connect-src 'self' ws://github.com; "
+      + "connect-src 'self' https://api.github.com ws://github.com; "
       + "manifest-src 'self'; "
       + "frame-ancestors 'self';");
   }
@@ -168,7 +168,7 @@ public void testIe11Wss() throws IOException, ServletException {
       + "script-src 'self' https://*.tradingview.com; "
       + "img-src 'self' data:; "
       + "frame-src 'self' https://*.tradingview.com; "
-      + "connect-src 'self' wss://github.com; "
+      + "connect-src 'self' https://api.github.com wss://github.com; "
       + "manifest-src 'self'; "
       + "frame-ancestors 'self';");
   }