@angle943 angle943 commented Oct 24, 2025

Description

  • Adds a Content-Security-Policy-Report-Only header to our requests
  • This, when isEmitting is turned on, will send us CSP violation reports
  • Currently I set the CSP-Report-Only rules to be just a slightly modified version of our current CSP. This will soon be updated with the final set of rules we want to look out for.

Changelog

  • feat: Add a Content-Security-Policy-Report-Only header

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

Signed-off-by: Justin Kim <[email protected]>
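
The description above, sketched as an added example (not code from this pull request or from the project): it builds a report-only header from an existing rule list and attaches reporting directives only when `isEmitting` is on. It also normalizes the two report formats browsers send. The rule list, endpoint URL, endpoint name `csp-endpoint`, and both function names are assumptions.

```javascript
// Added example; every name except isEmitting is hypothetical.
// Constructed sample standing in for the "current CSP" rule list.
const CURRENT_RULES = [
  "script-src 'self' 'unsafe-eval'",
  "worker-src blob: 'self'",
  "style-src 'self' 'unsafe-inline'",
];

// Build the report-only headers. Reporting directives are appended only when
// isEmitting is on, so a disabled deployment never tells browsers to send reports.
function buildReportOnlyHeaders(rules, { isEmitting, endpoint } = {}) {
  const directives = rules.map((r) => r.trim()).filter(Boolean);
  for (const d of directives) {
    // A ';' or line break inside one rule would smuggle in extra directives or headers.
    if (/[;\r\n]/.test(d)) throw new Error(`unsafe CSP rule: ${JSON.stringify(d)}`);
  }
  const headers = {};
  if (isEmitting) {
    if (!/^https:\/\/[^\s;,"]+$/.test(String(endpoint))) {
      throw new Error('report endpoint must be a plain https URL');
    }
    // report-uri serves older browsers; report-to needs Reporting-Endpoints.
    directives.push(`report-uri ${endpoint}`, 'report-to csp-endpoint');
    headers['Reporting-Endpoints'] = `csp-endpoint="${endpoint}"`;
  }
  headers['Content-Security-Policy-Report-Only'] = directives.join('; ');
  return headers;
}

// Normalize both report formats a collector receives into one record shape:
// legacy application/csp-report and Reporting API application/reports+json.
function normalizeReports(payload) {
  const records = [];
  for (const item of Array.isArray(payload) ? payload : [payload]) {
    const legacy = item && item['csp-report'];
    if (legacy) {
      records.push({
        document: legacy['document-uri'],
        directive: legacy['effective-directive'] || legacy['violated-directive'],
        blocked: legacy['blocked-uri'],
      });
    } else if (item && item.type === 'csp-violation' && item.body) {
      const b = item.body;
      records.push({ document: b.documentURL, directive: b.effectiveDirective, blocked: b.blockedURL });
    }
  }
  return records;
}
```

Because the header is report-only, the browser still loads the resources it reports on; the enforced `Content-Security-Policy` header remains the only one that blocks.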
codecov bot commented Oct 24, 2025

Codecov Report

❌ Patch coverage is 75.00000% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 60.49%. Comparing base (e5af133) to head (c753005).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
src/legacy/ui/ui_render/ui_render_mixin.js 0.00% 6 Missing ⚠️
...re/server/http_resources/http_resources_service.ts 50.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main   #10800   +/-   ##
=======================================
  Coverage   60.49%   60.49%           
=======================================
  Files        4506     4508    +2     
  Lines      121109   121134   +25     
  Branches    20178    20182    +4     
=======================================
+ Hits        73264    73283   +19     
- Misses      42723    42728    +5     
- Partials     5122     5123    +1     
Flag Coverage Δ
Linux_1 26.57% <59.09%> (+<0.01%) ⬆️
Linux_2 38.84% <75.00%> (+0.01%) ⬆️
Linux_3 39.08% <59.09%> (+<0.01%) ⬆️
Linux_4 33.52% <46.42%> (+<0.01%) ⬆️
Windows_1 26.58% <59.09%> (+<0.01%) ⬆️
Windows_2 38.81% <75.00%> (+0.01%) ⬆️
Windows_3 39.09% <59.09%> (+<0.01%) ⬆️
Windows_4 33.52% <46.42%> (+<0.01%) ⬆️

Signed-off-by: Justin Kim <[email protected]>
@opensearch-project opensearch-project deleted a comment from github-actions bot Oct 24, 2025
@angle943 angle943 added the OSD Changes being merged by the OSD team label Oct 24, 2025
@angle943 angle943 marked this pull request as ready for review October 25, 2025 01:18
@angle943 angle943 changed the title [Draft] Content-Security-Policy-Report-Only Content-Security-Policy-Report-Only Oct 25, 2025
Labels

distinguished-contributor OSD Changes being merged by the OSD team
