Skip to content

New metrics to track report and enforce CSPs #6369

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
labkey-jeckels wants to merge 1 commit into from
Closed

New metrics to track report and enforce CSPs #6369

labkey-jeckels wants to merge 1 commit into from

Conversation

@labkey-jeckels
Copy link
Contributor

@labkey-jeckels labkey-jeckels commented Feb 25, 2025

Rationale

Let's keep track of the Content Security Policies that are in use

Changes

  • Two new metrics, tracking the templated CSPs deployed: modules.API.contentSecurityPolicy.enforce and modules.API.contentSecurityPolicy.report

@labkey-adam
Copy link
Contributor

labkey-adam commented Feb 25, 2025

I've added similar metrics in my PR: #6359

I'm including only CSP version, but I could easily add the full CSP. At a minimum, let's get my PR merged and iterate on that.

@labkey-jeckels
Copy link
Contributor Author

labkey-jeckels commented Feb 25, 2025

I've added similar metrics in my PR: #6359

I'm including only CSP version, but I could easily add the full CSP. At a minimum, let's get my PR merged and iterate on that.

Great, thanks for the note. I won't do anything with this PR for the moment. Ultimately, I'm hoping for an approach that helps us understand which on-premise deployments have a CSP too.

@labkey-adam
Copy link
Contributor

labkey-adam commented Feb 25, 2025

I've added similar metrics in my PR: #6359
I'm including only CSP version, but I could easily add the full CSP. At a minimum, let's get my PR merged and iterate on that.

Great, thanks for the note. I won't do anything with this PR for the moment. Ultimately, I'm hoping for an approach that helps us understand which on-premise deployments have a CSP too.

Yep, me too. I'll look at adding the full CSP to my thing and we can go from there. Feel free to review, if you want.

@labkey-jeckels labkey-jeckels deleted the fb_cspMetric branch February 25, 2025 01:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sigmonia Sigmonia Awaiting requested review from Sigmonia

@labkey-adam labkey-adam Awaiting requested review from labkey-adam

@labkey-matthewb labkey-matthewb Awaiting requested review from labkey-matthewb

@labkey-jony labkey-jony Awaiting requested review from labkey-jony

@labkey-stuartm labkey-stuartm Awaiting requested review from labkey-stuartm

@labkey-willm labkey-willm Awaiting requested review from labkey-willm

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@labkey-jeckels @labkey-adam