mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
**Related issue:** Resolves #40538

This is the initial iteration of CSP functionality, currently gated behind `FLEET_SERVER_ENABLE_CSP`. If disabled, no CSP is served. Nonces are still injected into pages; however, a dummy nonce is used and has no effect.

With this setting turned on, things break and will be addressed by mainly frontend changes in https://github.com/fleetdm/fleet/issues/41577

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects
- [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes

## Testing

- [x] Added/updated automated tests
- [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one host's records do not affect another)
- [x] QA'd all new/changed functionality manually

---------

Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com>

| File |
|---|
| enroll-ota.html |
| react.ejs |
| windowsTOS.html |