Skip to content

fix: allowing csp for intra domain communication #1079

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 3, 2024
Merged

fix: allowing csp for intra domain communication #1079

merged 1 commit into from
Sep 3, 2024

Conversation

christian-calabrese
Copy link
Contributor

List of Changes

Allowed https://.dev.developer.pagopa.it in dev environment's csp
Allowed https://.developer.pagopa.it in prod environment's csp

Motivation and Context

The chatbot UI could not reach the backend APIs with the following error:

Refused to connect to 'https://api.chatbot.dev.developer.pagopa.it/queries' because it violates the following Content Security Policy directive: "connect-src 'self' https://cognito-identity.eu-south-1.amazonaws.com/ https://dynamodb.eu-south-1.amazonaws.com/ https://cognito-idp.eu-south-1.amazonaws.com/ https://raw.githubusercontent.com/pagopa/ https://raw.githubusercontent.com/teamdigitale/ https://*.cookielaw.org https://*.onetrust.com https://www.google-analytics.com/ https://api.io.italia.it/ *.google-analytics.com https://pagopa.matomo.cloud/".

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Chore (nothing changes by a user perspective)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@christian-calabrese christian-calabrese requested a review from a team as a code owner September 3, 2024 14:43
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Sep 3, 2024

⚠️ No Changeset found

Latest commit: 58f5969

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions github-actions bot added the infra label Sep 3, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 3, 2024

Jira Pull request Link

@christian-calabrese it seems this Pull Request has no issues that refers to Jira!
Please check it out.
PR's title should be something like: [B2B-1] Title where B2B-1 is the activity's id on Jira.

@christian-calabrese christian-calabrese merged commit 49dc092 into main Sep 3, 2024
12 of 13 checks passed
@christian-calabrese christian-calabrese deleted the fix-csp-not-allowing-intra-domain-communication branch September 3, 2024 14:50
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 3, 2024

📦 Next.js Bundle Analysis for nextjs-website

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@christian-calabrese christian-calabrese

Labels

infra size/small

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@christian-calabrese