Revert "miscweb: add CSP exceptions for demos and themeroller sites"

This reverts commit cc72233.
jquery · Nov 16, 2024 · 5176f47 · 5176f47
1 parent cc72233
commit 5176f47
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 26 deletions.
diff --git a/hieradata/environments/production/roles/miscweb.yaml b/hieradata/environments/production/roles/miscweb.yaml
@@ -18,17 +18,6 @@ profile::miscweb::sites:
       name: jquery/demos.jquerymobile.com
       branch: main
     allow_php: true
-    # script-src: unsafe-eval for syntax highlighting on all pages
-    # img-src: data: for inline SVGs
-    # style-src|font-src: load fonts from Google Fonts
-    csp_header: |
-      default-src 'self';
-      script-src 'self' 'unsafe-eval';
-      img-src 'self' data:;
-      style-src 'self' fonts.googleapis.com;
-      font-src 'self' fonts.gstatic.com;
-      report-uri https://csp-report-api.openjs-foundation.workers.dev/;
-      report-to csp-endpoint
   podcast.jquery.com:
     repository:
       name: jquery/podcast.jquery.com
@@ -53,14 +42,6 @@ profile::miscweb::sites:
       }
     php_env:
       THEMEROLLER_ZIPDIR: /var/cache/themeroller-zip
-    # style-src: lots of inline styles
-    # img-src: data: for inline images
-    csp_header: |
-      default-src 'self';
-      style-src 'self' 'unsafe-inline';
-      img-src 'self' data:;
-      report-uri https://csp-report-api.openjs-foundation.workers.dev/;
-      report-to csp-endpoint
   bugs.jquery.com:
     repository:
       name: jquery/bugs.jquery.com

diff --git a/modules/profile/templates/miscweb/site.nginx.erb b/modules/profile/templates/miscweb/site.nginx.erb
@@ -20,11 +20,6 @@ server {
 
   # Add Content Security Policy headers
   add_header Reporting-Endpoints "csp-endpoint='https://csp-report-api.openjs-foundation.workers.dev/'";
-<%- if @site['csp_header'] -%>
-  add_header Content-Security-Policy-Report-Only "
-    <%= @site['csp_header'] %>
-  ";
-<%- else -%>
   # script-src: add 'wasm-unsafe-eval' for WebAssembly-driven search on
   #   bugs.jquery.com, bugs.jqueryui.com, and plugins.jquery.com
   # img-src: allow secure.gravatar.com images on plugins.jquery.com
@@ -39,7 +34,6 @@ server {
     report-uri https://csp-report-api.openjs-foundation.workers.dev/;
     report-to csp-endpoint
   ";
-<%- end -%>
 
 <%- if @site['allow_php'] -%>
   index index.php index.html;

diff --git a/modules/profile/types/miscweb/site.pp b/modules/profile/types/miscweb/site.pp
@@ -9,5 +9,4 @@
   allow_php    => Optional[Boolean],
   php_env      => Optional[Hash[String[1], String]],
   certificate  => Optional[String[1]],
-  csp_header   => Optional[String[1]],
 }]