<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#40538
This is the initial iteration of CSP functionality, currently gated
behind FLEET_SERVER_ENABLE_CSP. If disabled, no CSP is served. Nonces
are still injected into pages however a dummy nonce is used and has no
effect.
With this setting turned on things break and will be addressed by mainly
frontend changes in https://github.com/fleetdm/fleet/issues/41577
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements), JS
inline code is prevented especially for url redirects
- [x] If paths of existing endpoints are modified without backwards
compatibility, checked the frontend/CLI for any necessary changes
## Testing
- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and
test for host
isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing)
(updates to one hosts's records do not affect another)
- [x] QA'd all new/changed functionality manually
---------
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
**Related issue:** Resolves#39996
This adds a new flow where the user is asked to navigate and dowload the
enrollment profile in safari for ios and ipados devices.
This fixes an issue where the enrollment profile was not downloaded
correctly on browsers other than Safari.
https://github.com/user-attachments/assets/20304389-4b36-445b-9b8f-d4b9bfbff143
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
- [x] QA'd all new/changed functionality manually
- Many users will be single-clicking the downloaded Profile from the
expanded dock - "open" is the right level of specificity.
<img width="199" height="240" alt="Screenshot 2026-03-05 at 10 35 28 AM"
src="https://github.com/user-attachments/assets/5c782753-f479-425c-9492-61e9b13fef86"
/>
- The fact that we call out that there will be a warning communicates
that it is expected, redundant to say so. Also, it looks cleaner.
<img width="829" height="413" alt="Screenshot 2026-03-05 at 10 32 59 AM"
src="https://github.com/user-attachments/assets/f4e1fff2-4391-4971-ba99-32edbf2e25f4"
/>
---------
Co-authored-by: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#39389 (unreleased bug)
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
## Testing
- [ ] QA'd all new/changed functionality manually
<!-- Add the related story/sub-task/bug number, like Resolves#123, or
remove if NA -->
**Related issue:** Resolves#38880, #38881
This adds the UI updates to the enroll page to so that verious devices
can enroll after scanning the QR code.
> NOTE: still a small piece is needed to integrate with the API changes
and to ensure android devices can actually enroll with the new QR code.
# Checklist for submitter
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files)
for more information.
- [x] QA'd all new/changed functionality manually
fixes: #29222
This is a feature branch that was completed last week, but did not get
merged in time.
All pr's going in was approved, and reviewed.
I will after this is merged, do a cherry pick onto the RC 4.73 branch,
and initiate the FR merge process.
---------
Co-authored-by: Martin Angers <martin.n.angers@gmail.com>
Co-authored-by: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>
some iPads default to requesting the desktop version of websites, and
thus they send a different user agent. This improves the detection with
a well-known method.
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Manual QA for all new/changed functionality
for #19448
# Checklist for submitter
If some of the following don't apply, delete the relevant line.
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Manual QA for all new/changed functionality
relates to #21559
This adds the ability for end users to enrol their own device in fleet
mdm.
> NOTE: this new byod HTML page is a separate HTML asset that contains
all styles and scripts needed for the page to work. We do not send the
fleet UI assets and this drastically cuts down the response time to the
users who will be visiting this page on mobile devices
There are two sides included in this:
**Adding a new add host modal ios and iPad section for IT admins**
**delivering a new byod HTML page to end users that will allow end users
to download the config profile to enrol into fleet mdm**
<!-- Note that API documentation changes are now addressed by the
product design team. -->
- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
