Differential D3136

Define Access-Control-Allow-Origin for CSS for assets.
ClosedPublic
Actions

Authored by dereckson on May 26 2023, 01:22.

Details

Reviewers

dereckson

Maniphest Tasks

T1881: Migrate all fonts assets

Commits

rOPSabeed0b798be: Define Access-Control-Allow-Origin for CSS for assets.

Summary

To be sure the assets site serves the expected file, we can use the SRI,
Subresource Integrity mechanism to store a hash in the <link> tag.

If the URL does not support Cross-Origin Resource Sharing (CORS),
the SRI mechanism can't work. We so allow access from all origins.

Reference: https://www.w3.org/TR/SRI/

Ref T1881

Test Plan

Tested with D3119 to load D3135 CSS

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dereckson requested review of this revision.May 26 2023, 01:22

dereckson created this revision.

Harbormaster completed remote builds in B4947: Diff 7999.May 26 2023, 01:22

dereckson accepted this revision.May 26 2023, 01:22

This revision is now accepted and ready to land.May 26 2023, 01:22

dereckson edited the summary of this revision. (Show Details)May 26 2023, 01:23

dereckson added a task: T1881: Migrate all fonts assets.

Closed by commit rOPSabeed0b798be: Define Access-Control-Allow-Origin for CSS for assets. (authored by dereckson). · Explain WhyMay 26 2023, 01:23

This revision was automatically updated to reflect the committed changes.

dereckson added a commit: rOPSabeed0b798be: Define Access-Control-Allow-Origin for CSS for assets..

Revision Contents
Changeset List

Path

Size

roles/

webserver-legacy/

nginx/

files/

vhosts/

nasqueron.org/

assets.conf

2 lines

Diff 8000

View Options

roles/webserver-legacy/nginx/files/vhosts/nasqueron.org/assets.conf

Define Access-Control-Allow-Origin for CSS for assets.ClosedPublicActions