1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-25 06:50:55 +01:00
phorge-phorge/src/aphront
epriestley c5772f51de Fix Content-Security-Policy headers on "Email Login" page
Summary:
In D20100, I changed this page from returning a `newPage()` with a dialog as its content to returning a more modern `newDialog()`.

However, the magic to add stuff to the CSP header is actually only on the `newPage()` pathway today, so this accidentally dropped the extra "Content-Security-Policy" rule for Google.

Lift the magic up one level so both Dialog and Page responses hit it.

Test Plan:
  - Configured Recaptcha.
  - Between D20100 and this patch: got a CSP error on the Email Login page.
  - After this patch: clicked all the pictures of cars / store fronts.

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D20163
2019-02-14 12:53:33 -08:00
..
__tests__ phtize all the things 2015-05-22 21:16:39 +10:00
configuration Let the top-level exception handler dump a stack trace if we reach debug mode before things go sideways 2019-02-11 15:36:19 -08:00
exception Convert some whiny exceptions into quiet MalformedRequest exceptions 2016-08-16 15:50:21 -07:00
handler Give MFA gates a more consistent UI 2019-01-30 06:16:32 -08:00
httpparametertype Fix spelling 2017-10-09 10:48:04 -07:00
interface Allow Controllers to return a wider range of "response-like" objects 2015-09-01 15:52:52 -07:00
response Clean up final setQueryParams() callsites 2019-02-14 11:54:56 -08:00
sink Fix Content-Security-Policy headers on "Email Login" page 2019-02-14 12:53:33 -08:00
site Allow custom Sites to have custom 404 controllers 2016-11-30 15:25:09 -08:00
AphrontController.php Provide an AphrontController implementation of willSendResponse() 2015-09-07 17:18:35 -07:00
AphrontRequest.php Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00