Fix CC license CSP error #14895

Merged, Jul 29, 2024 (4 commits)
Expand Up @@ -18,8 +18,8 @@
Commons Attribution Share-Alike 3.0 Unported license, or any later version.
</p>
<p>
<a rel="license" href="https://creativecommons.org/licenses/by-sa/3.0/deed.locale">
<img alt="Creative Commons License"src="https://creativecommons.org/images/public/somerights20.gif" width="88" height="31">
<a rel="license" href="https://creativecommons.org/licenses/by-sa/3.0/deed.locale" title="Creative Commons License">
<svg xmlns="http://www.w3.org/2000/svg" width="88" height="31" viewBox="0 0 88 31"><path fill="#AAB2AB" d="M2.499.352 85.626.5c1.161 0 2.198-.173 2.198 2.333l-.102 27.552H.401V2.73C.401 1.495.52.352 2.499.352z"/><path fill="#FFF" d="M25.316 14.449c.003 5.557-4.471 10.065-9.993 10.069-5.522.003-10.001-4.5-10.005-10.057v-.012C5.315 8.891 9.789 4.383 15.312 4.38c5.522-.004 10.001 4.5 10.005 10.057l-.001.012zM46.464 3.306c4.349 0 7.875 3.548 7.875 7.925s-3.526 7.926-7.875 7.926c-4.35 0-7.875-3.548-7.875-7.926-.001-4.377 3.525-7.925 7.875-7.925zm28.632 7.751c.003 4.314-3.47 7.814-7.757 7.818-4.286.003-7.765-3.492-7.769-7.806v-.012c-.002-4.314 3.471-7.814 7.758-7.817s7.765 3.492 7.768 7.806v.011z"/><path d="M23.446 6.252c2.217 2.232 3.326 4.964 3.326 8.197s-1.089 5.936-3.269 8.11c-2.313 2.289-5.046 3.434-8.2 3.434-3.116 0-5.802-1.135-8.057-3.405-2.256-2.271-3.383-4.982-3.383-8.138S4.99 8.561 7.246 6.252c2.198-2.232 4.884-3.348 8.057-3.348 3.212 0 5.926 1.116 8.143 3.348zM8.739 7.753c-1.875 1.905-2.812 4.138-2.812 6.698 0 2.561.928 4.773 2.783 6.64s4.064 2.801 6.627 2.801 4.791-.942 6.684-2.829c1.797-1.752 2.697-3.955 2.697-6.611 0-2.636-.914-4.874-2.74-6.712s-4.04-2.757-6.641-2.757-4.801.923-6.598 2.77zm4.933 5.572c-.287-.628-.715-.942-1.287-.942-1.011 0-1.516.685-1.516 2.054 0 1.37.505 2.055 1.516 2.055.667 0 1.145-.333 1.431-1.002l1.401.751c-.668 1.194-1.67 1.792-3.006 1.792-1.03 0-1.856-.317-2.476-.954-.621-.636-.931-1.512-.931-2.629 0-1.099.32-1.97.959-2.616s1.436-.968 2.39-.968c1.413 0 2.424.56 3.035 1.679l-1.516.78zm6.593 0c-.287-.628-.707-.942-1.261-.942-1.031 0-1.547.685-1.547 2.054 0 1.37.516 2.055 1.547 2.055.669 0 1.137-.333 1.404-1.002l1.433.751c-.667 1.194-1.667 1.792-3.001 1.792-1.029 0-1.853-.317-2.473-.954-.619-.636-.928-1.512-.928-2.629 0-1.099.314-1.97.943-2.616.628-.646 1.428-.968 2.4-.968 1.41 0 2.42.56 3.029 1.679l-1.546.78zM86.353 0H1.647C.739 0 0 .744 0 1.658v28.967c0 .207.167.375.372.375h87.256a.374.374 0 0 0 .372-.375V1.658C88 .744 87.261 0 
86.353 0zM1.647.749h84.705c.498 0 .903.408.903.909v20.109H26.714c-2.219 4.038-6.494 6.779-11.401 6.779-4.908 0-9.183-2.738-11.4-6.779H.744V1.658c0-.501.405-.909.903-.909zM67.277 2.5c-2.355 0-4.349.827-5.98 2.481-1.675 1.712-2.512 3.737-2.512 6.077s.837 4.351 2.512 6.034c1.674 1.683 3.668 2.524 5.98 2.524 2.342 0 4.371-.849 6.089-2.546 1.616-1.611 2.427-3.616 2.427-6.012s-.824-4.422-2.471-6.077C71.677 3.327 69.662 2.5 67.277 2.5zm.022 1.54c1.93 0 3.569.685 4.918 2.054 1.361 1.355 2.043 3.01 2.043 4.964 0 1.968-.666 3.602-2.001 4.9-1.405 1.397-3.058 2.096-4.96 2.096-1.901 0-3.541-.691-4.917-2.074-1.376-1.384-2.064-3.024-2.064-4.921s.695-3.552 2.086-4.964c1.332-1.371 2.965-2.055 4.895-2.055zm-3.791 5.809c.34-2.153 1.846-3.304 3.733-3.304 2.716 0 4.369 1.982 4.369 4.626 0 2.58-1.76 4.584-4.411 4.584-1.824 0-3.457-1.13-3.755-3.347h2.143c.063 1.151.806 1.556 1.866 1.556 1.209 0 1.994-1.13 1.994-2.857 0-1.812-.679-2.771-1.951-2.771-.934 0-1.739.341-1.909 1.513l.623-.003-1.687 1.697-1.686-1.697.671.003zm-14.765-.911a.551.551 0 0 0-.55-.553h-3.478a.552.552 0 0 0-.55.553v3.5h.971v4.145h2.636v-4.145h.971v-3.5zM46.455 5.53c.656 0 1.189.536 1.189 1.197s-.533 1.197-1.189 1.197c-.657 0-1.189-.536-1.189-1.197s.532-1.197 1.189-1.197zm-.012-3.03c-2.355 0-4.349.827-5.981 2.481-1.675 1.711-2.512 3.737-2.512 6.076s.837 4.351 2.512 6.034c1.674 1.683 3.668 2.524 5.981 2.524 2.342 0 4.371-.849 6.088-2.547 1.619-1.611 2.428-3.615 2.428-6.012s-.823-4.421-2.47-6.076c-1.645-1.654-3.661-2.48-6.046-2.48zm.022 1.539c1.93 0 3.569.685 4.917 2.054 1.363 1.355 2.044 3.01 2.044 4.963 0 1.968-.666 3.602-2.001 4.9-1.405 1.398-3.058 2.096-4.96 2.096-1.901 0-3.541-.691-4.917-2.075-1.377-1.383-2.065-3.023-2.065-4.921 0-1.896.695-3.551 2.086-4.963 1.334-1.369 2.966-2.054 4.896-2.054z"/><path fill="#FFF" d="m69.277 24.171 1.816 4.888h-1.109l-.367-1.089h-1.816l-.381 1.089h-1.074l1.836-4.888h1.095zm.062 2.997-.612-1.793h-.014l-.633 1.793h1.259zm-6.079.682a.765.765 0 0 0 
.234.277c.098.071.211.124.342.158.133.034.268.051.408.051.095 0 .197-.008.306-.023s.21-.047.306-.093a.66.66 0 0 0 .236-.188.472.472 0 0 0 .096-.305.43.43 0 0 0-.126-.321 1.001 1.001 0 0 0-.329-.206 3.269 3.269 0 0 0-.461-.143 13.5 13.5 0 0 1-.523-.138 4.963 4.963 0 0 1-.531-.167 1.798 1.798 0 0 1-.461-.258 1.18 1.18 0 0 1-.33-.393 1.217 1.217 0 0 1-.125-.572c0-.252.053-.469.16-.654.105-.184.246-.338.418-.462.172-.123.366-.214.584-.274.217-.059.436-.088.652-.088.254 0 .497.028.73.086.232.057.44.149.621.277.182.127.326.291.432.49.107.198.16.439.16.723h-1.036a.883.883 0 0 0-.091-.363c-.053-.096-.121-.172-.207-.227s-.184-.094-.295-.115a1.762 1.762 0 0 0-.361-.035c-.086 0-.172.01-.258.027a.694.694 0 0 0-.232.096c-.07.047-.129.104-.174.172s-.067.155-.067.26c0 .096.019.174.054.232.037.061.109.115.215.165s.254.101.441.151l.736.191c.092.018.217.051.377.1.161.047.32.123.479.229.159.105.296.246.412.422.115.176.173.4.173.674 0 .225-.044.432-.13.623a1.345 1.345 0 0 1-.384.496 1.833 1.833 0 0 1-.632.326 2.965 2.965 0 0 1-.874.116c-.268 0-.527-.033-.779-.1a1.952 1.952 0 0 1-.667-.312 1.552 1.552 0 0 1-.459-.543 1.62 1.62 0 0 1-.163-.78h1.036a.888.888 0 0 0 .087.418zm-17.287-3.679h1.198l1.138 1.931 1.13-1.931h1.19l-1.803 3.012v1.876h-1.07v-1.903l-1.783-2.985zm-1.975 0c.231 0 .442.021.633.062s.354.108.491.201a.95.95 0 0 1 .316.373c.075.155.112.348.112.575 0 .247-.055.451-.167.616a1.2 1.2 0 0 1-.493.402c.3.088.523.239.672.456.148.218.223.479.223.784 0 .246-.049.46-.144.641-.095.18-.224.327-.386.441a1.713 1.713 0 0 1-.552.254 2.47 2.47 0 0 1-.638.082h-2.358V24.17h2.291v.001zm-.137 1.976a.774.774 0 0 0 .47-.136c.123-.092.185-.239.185-.444 0-.114-.021-.208-.062-.28s-.095-.129-.164-.17-.146-.07-.235-.086a1.558 1.558 0 0 0-.276-.023h-1v1.14h1.082zm.062 2.075c.105 0 .205-.01.3-.03a.72.72 0 0 0 .252-.104c.073-.047.13-.112.174-.194s.065-.187.065-.315c0-.25-.071-.43-.212-.536-.141-.107-.328-.161-.559-.161h-1.166v1.341h1.146z"/></svg>
@alexgibson (Member) commented on Jul 29, 2024:

Can we please load this as a regular <img>? I don't think we really gain much here by in-lining the image, and having inline images makes them hard to search for in the future.

Contributor Author replied:

I originally used a more modern iconography that was just a few shapes:

[screenshot]

But they don't seem to use the "some rights reserved" tagline much these days anymore, so eventually I opted for one of the buttons instead.

Looking at this button code, it's rather large, yeah. I'll move it out.

</a>
</p>
<p>
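Review bot: the inline `<svg>` that replaces the `<img>` has no accessible name. The removed `<img>` carried `alt="Creative Commons License"`; moving that text to a `title` attribute on the enclosing `<a>` is not an equivalent for assistive technology, so add `role="img"` plus an `aria-label`, or a child `<title>` element, to the `<svg>` itself, e.g. `<svg role="img" aria-label="Creative Commons License" xmlns="http://www.w3.org/2000/svg" ...>`. On the CSP side the change does what the title says: an inline SVG element is part of the document markup, not a fetched image, so `img-src` no longer applies to it, and because the badge is drawn with `fill` presentation attributes rather than `style=` attributes it will also not trip the `style-src` policy that the settings hunk below is tightening by dropping `'unsafe-inline'` in report-only mode.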
bedrock/settings/__init__.py (1 addition, 0 deletions)
Expand Up @@ -270,6 +270,7 @@
# CSP directive updates we're testing that we hope to move to the enforced policy.
CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]["frame-ancestors"] = [csp.constants.NONE]
CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]["style-src"].remove(csp.constants.UNSAFE_INLINE)
CONTENT_SECURITY_POLICY_REPORT_ONLY["DIRECTIVES"]["img-src"].remove("creativecommons.org")
@alexgibson (Member) commented on Jul 29, 2024:

I think we are pretty safe just to remove creativecommons.org from _csp_img_src entirely, as a quick search suggests this is the only image we load from that domain.



# `CSP_PATH_OVERRIDES` and `CSP_PATH_OVERRIDES_REPORT_ONLY` are mainly for overriding CSP settings
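Review bot: the added `.remove("creativecommons.org")` only tightens `CONTENT_SECURITY_POLICY_REPORT_ONLY`, so the enforced policy keeps allowing image loads from creativecommons.org even though the template hunk above removed the only `<img>` fetched from that host; since nothing else is loaded from it, drop the entry from the base `img-src` list instead of removing it from the report-only copy. Note also that `list.remove` raises `ValueError` when the item is absent, so if `creativecommons.org` is later taken out of the base list while this line survives, settings import fails at startup; keep one of the two, not both.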
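The CSP mechanics behind this PR, as an added example that is not bedrock's code and not part of the PR: a small implementation of CSP source-expression matching for a fetch directive, run against the badge URL the old `<img>` loaded. It shows why the page is reported once `creativecommons.org` leaves `img-src`, why a same-origin image (or inline SVG markup, which is never fetched) is unaffected, and how to drop an allowlist entry without the `ValueError` that `list.remove` raises when the entry is already gone. `PAGE_ORIGIN`, the two policy strings and the `/media/img/cc.svg` path are assumptions for the demonstration, not bedrock's actual settings.

```python
"""CSP img-src matching, as an added example (not bedrock's code, not from PR #14895).

Implements enough of CSP source-expression matching for fetch directives to show
why https://creativecommons.org/images/public/somerights20.gif is reported once
creativecommons.org leaves img-src. Bare host-sources are simplified to http(s).
"""
from urllib.parse import urlsplit

PAGE_ORIGIN = "https://www.mozilla.org"  # assumed page origin, used for 'self'
CC_BADGE = "https://creativecommons.org/images/public/somerights20.gif"


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a serialized policy into {directive: [source expressions]}."""
    policy: dict[str, list[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _host_matches(pattern: str, host: str) -> bool:
    """'*' matches any host; '*.x' matches subdomains of x but not x itself."""
    pattern = pattern.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return pattern == host


def source_allows(expr: str, url: str, page_origin: str = PAGE_ORIGIN) -> bool:
    """Does one source expression ('none', 'self', scheme-source, host-source) allow url?"""
    u = urlsplit(url)
    low = expr.lower()
    if low == "'none'":
        return False
    if low == "'self'":
        p = urlsplit(page_origin)
        return (u.scheme, u.netloc.lower()) == (p.scheme, p.netloc.lower())
    if low.endswith(":") and "/" not in low:      # scheme-source such as data: or https:
        return u.scheme == low[:-1]
    if "://" in expr:                             # host-source with an explicit scheme
        scheme, rest = expr.split("://", 1)
        if u.scheme != scheme.lower():
            return False
    else:                                         # bare host: simplified to http(s) only
        rest = expr
        if u.scheme not in ("http", "https"):
            return False
    hostport, _, path = rest.partition("/")
    host, _, port = hostport.partition(":")
    if not _host_matches(host, u.hostname or ""):
        return False
    if port and port != "*":
        actual = str(u.port) if u.port else {"https": "443", "http": "80"}.get(u.scheme)
        if actual != port:
            return False
    if path:                                      # trailing '/' is a prefix match, else exact
        want = "/" + path
        return u.path.startswith(want) if want.endswith("/") else u.path == want
    return True


def fetch_allowed(policy: dict[str, list[str]], directive: str, url: str) -> bool:
    """Apply a fetch directive, falling back to default-src as the browser does."""
    sources = policy.get(directive, policy.get("default-src", []))
    return any(source_allows(s, url) for s in sources)


def drop_source(directives: dict[str, list[str]], directive: str, source: str) -> dict[str, list[str]]:
    """Copy of `directives` with `source` removed from `directive`; absence is not an error."""
    return {k: [s for s in v if not (k == directive and s == source)] for k, v in directives.items()}


def demo() -> dict[str, bool]:
    # Constructed policies standing in for the before/after img-src lists.
    before = parse_csp("default-src 'self'; img-src 'self' data: creativecommons.org")
    after = parse_csp("default-src 'self'; img-src 'self' data:")
    return {
        "before": fetch_allowed(before, "img-src", CC_BADGE),       # True: host listed
        "after": fetch_allowed(after, "img-src", CC_BADGE),         # False: the reported violation
        "self_after": fetch_allowed(after, "img-src", PAGE_ORIGIN + "/media/img/cc.svg"),  # True
    }


if __name__ == "__main__":
    print(demo())
```

`drop_source` is the shape to use when editing a policy dict such as django-csp's `DIRECTIVES`: it is idempotent, so it keeps working after the host has also been removed from the base list, whereas `list.remove` would raise at import time.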