Page MenuHomeMiraheze
Create Task
Maniphest T5092

Create a CSP whitelist policy
Closed, DeclinedPublic
Actions

Description

We've received quite a few CSP whitelist requests, and obviously the CSP is there to prevent abuse so whitelisting any requested URL would defeat its purpose so that's why we need a policy for how we decide what to whitelist or not.

Related Objects
Search...

Event Timeline

Reception123 triaged this task as Normal priority.Jan 11 2020, 09:01
Reception123 created this task.
Herald added subscribers: Examknow, CnocBride. · View Herald TranscriptJan 11 2020, 09:01
Reception123 added a subtask: T5017: Add shields.io to CSP whitelist (load external images).Jan 11 2020, 09:01
Reception123 added a subtask: T4914: Content Security Policy Violation: Extension:AddThis.
Reception123 added a subtask: T4760: Add some sites to frame and CSP whitelist.Jan 11 2020, 09:11
Reception123 added a subtask: T4976: CSP whitelist request for www.desmos.com.
Reception123 added a subtask: T4944: CSP whitelist openagenda.com.Jan 11 2020, 09:13
Reception123 closed this task as Declined.Apr 5 2020, 09:26
Reception123 claimed this task.

We're going to go for an informal policy which is that each request is case by case and users must be able to explain why the whitelist is essential for the functioning of their wiki. The decision to add it to the CSP should be approved by 2 SRE members.

Zppix closed subtask T5017: Add shields.io to CSP whitelist (load external images) as Resolved.Apr 8 2020, 15:52
Reception123 closed subtask T4944: CSP whitelist openagenda.com as Declined.Apr 8 2020, 18:10
Zppix closed subtask T4760: Add some sites to frame and CSP whitelist as Resolved.Apr 9 2020, 00:26
Aunst reopened subtask T4760: Add some sites to frame and CSP whitelist as Open.Apr 12 2020, 00:31
Zppix closed subtask T4760: Add some sites to frame and CSP whitelist as Resolved.Apr 12 2020, 02:04
Aunst reopened subtask T4760: Add some sites to frame and CSP whitelist as Open.Apr 12 2020, 02:24
Zppix closed subtask T4760: Add some sites to frame and CSP whitelist as Resolved.Apr 12 2020, 18:33
Reception123 closed subtask T4976: CSP whitelist request for www.desmos.com as Declined.Apr 26 2020, 17:43
RhinosF1 reopened subtask T4976: CSP whitelist request for www.desmos.com as Open.Sep 20 2020, 12:37
Universal_Omega closed subtask T4976: CSP whitelist request for www.desmos.com as Resolved.Oct 2 2020, 23:25
Reception123 closed subtask T4914: Content Security Policy Violation: Extension:AddThis as Resolved.Oct 3 2020, 14:42
Reception123 mentioned this in T7322: Create a written and clear CSP whitelist policy and checklist and review all current entries based on this.May 17 2021, 15:55