Bull 472 - Add CSP to nginx (!54) · Merge requests · Platform One / Party Bus / Launchboard / launchboard-fe

graham.smith requested to merge BULL-472 into master Jan 18, 2021

Removed overflow-color dependency since it does not conform to CSP due to inline-styles (could potentially set nonce, but easier to just remove it)
refactored nginx configs
added CSP to nginx configs
added if check in main.js since when the app is served via nginx, api calls that normally would return a 404 if not present will instead return a 200 (with the contents of index.html) due to try_files directive

For testing to see if iframes are disabled, try to run the Launchboard FE in an iframe:

Create a test html file and open it in a browser

<html>
  <body>
    iframe test
    <iframe src="http://localhost:8888" title="test"/>
  </body>
</html>

You should see errors in the iframe. (chrome shows frowny document and "localhost refused to connect.")

Edited Jan 18, 2021 by graham.smith

Bull 472 - Add CSP to nginx