Page MenuHomeMiraheze
Create Task
Maniphest T7699

CSP Whitelist request: cdn.smutstone.com
Closed, ResolvedPublic
Actions

Description

Wiki URLhttps://smutstone.miraheze.org

hello

i need to load an external file into a game calculator that we have.

Content Security Policy: The page’s settings blocked the loading of a resource at https://cdn.smutstone.com/s2/fb9ae4a0.conf.js (“default-src”).

i need this to be whitelisted, some other images are loaded from this path as well.
https://cdn.smutstone.com/s2/*

CSP REVIEW

  • Is the site equipped with a privacy policy? Yes
  • Does the site attempt to comply with the GDPR? Can European Union inhabitants invoke their individual rights? No, PP indicates that "Non-Registered users can watch content without registering and without any information being collected and processed"
  • Does the site provide a list of personal data being collected by using the service? Yes, see PP
  • Is the website owner known to have a bad reputation regarding privacy? No
  • Can wikis use the external service, even if the visitor wants to deny any cookies or other form of tracking? Unclear
  • Will wikis stay usable, even if the visitor blocks the external resource by using an ad blocker? Likely yes
  • Is there a Data Protection Officer and/or Privacy Team that can be contacted by Miraheze? No
  • Is the site equipped with a security policy? Yes, a short one on PP
  • Does the site clarify their security measures to protect collected user data? Can the site assure measures are being taken to protect code injection into the loaded external resources? No details; standard general assurance
  • Is the website owner known to have a bad reputation regarding information security? No
  • Is there a Chief Information Security Officer and/or Security Team that can be contacted by Miraheze? No

Related Objects

Event Timeline

Light-777-Angel created this task.Jul 26 2021, 15:22
Herald added subscribers: Bukkit, Unknown Object (User), RhinosF1 and 2 others. · View Herald TranscriptJul 26 2021, 15:22
Redmin edited projects, added Puppet, Site Reliability Engineering; removed MediaWiki (SRE), MediaWiki.Jul 26 2021, 17:00
Redmin moved this task from Radar to Discussion on the Site Reliability Engineering board.
Light-777-Angel added a comment.Jul 27 2021, 20:46

any progress?

Light-777-Angel added a comment.Jul 28 2021, 20:16

anybody working here?
can i get some help..
i need this white listed.

Light-777-Angel added a comment.Jul 29 2021, 19:05

can someone please look at this and tell me what do i need to do.

RhinosF1 added a comment.Jul 30 2021, 07:17

CSP Desicions can take a while

Light-777-Angel added a comment.Aug 2 2021, 02:32

anything yet...?
how much time these things take? usually !

Unknown Object (User) added a comment.Aug 2 2021, 03:27
In T7699#155553, @Light-777-Angel wrote:

anything yet...?
how much time these things take? usually !

Currently all new CSP decisions were put on hold, so it is unknown when they will resume and when this can be done.

Before that was done, they usually only took a few days. Apologies for the inconvenience.

Reception123 renamed this task from i need to whitelist a domain in CSP to load external file from it to CSP Whitelist request: cdn.smutstone.com.Aug 3 2021, 06:01
Light-777-Angel added a comment.Aug 5 2021, 23:59

ok, i'll wait

Bukkit changed the task status from Open to Stalled.Aug 6 2021, 00:21

Stalled per T7699#155554

Unknown Object (User) changed the task status from Stalled to Open.Aug 6 2021, 00:50

Not stalled unless waiting on something externally, not internally.

Bukkit added a comment.Aug 11 2021, 18:58

Oh, alright.

Light-777-Angel added a comment.Aug 23 2021, 23:51

any progress with the CSP decisions....still on hold ?!!

Herald removed a subscriber: Unknown Object (User). · View Herald TranscriptAug 23 2021, 23:51
John updated the task description. (Show Details)Aug 28 2021, 18:47
John edited projects, added MediaWiki (SRE), CSP Review; removed Site Reliability Engineering, Puppet.
Reception123 updated the task description. (Show Details)Sep 6 2021, 13:44

While there are some deficiencies this seems to be another case where there is no private information collected within the scope of the GDPR so because of this it would seem to me that it could be approved, however T&S should probably double check.

Reception123 moved this task from SRE Review to T&S Review on the CSP Review board.Sep 6 2021, 13:45
Reception123 added a project: Trust & Safety.
Owen moved this task from T&S Review to DSRE Review on the CSP Review board.Sep 9 2021, 12:08
Owen subscribed.

I agree with the assessment above.

John closed this task as Resolved.Sep 11 2021, 10:19
John claimed this task.
John moved this task from DSRE Review to Completed on the CSP Review board.
Restricted Repository Identity mentioned this in rPUPC23bfea406ed7: Add new CSP sites.Sep 11 2021, 10:20