From fceca91a2610b5eeea88f421fb78b32e51a2aa66 Mon Sep 17 00:00:00 2001
From: bbimber
Date: Thu, 20 Feb 2025 07:32:58 -0800
Subject: [PATCH 1/3] Add ContentSecurityPolicyFilter.registerAllowedSources()
---
 mGAP/src/org/labkey/mgap/mGAPModule.java | 4 +++-
 mcc/src/org/labkey/mcc/MccModule.java | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/mGAP/src/org/labkey/mgap/mGAPModule.java b/mGAP/src/org/labkey/mgap/mGAPModule.java
index 8e7abbf7..037d1892 100644
--- a/mGAP/src/org/labkey/mgap/mGAPModule.java
+++ b/mGAP/src/org/labkey/mgap/mGAPModule.java
@@ -35,6 +35,7 @@
 import org.labkey.api.ldk.notification.NotificationService;
 import org.labkey.api.module.ModuleContext;
 import org.labkey.api.query.FieldKey;
+import org.labkey.api.security.Directive;
 import org.labkey.api.sequenceanalysis.SequenceAnalysisService;
 import org.labkey.api.sequenceanalysis.pipeline.SequencePipelineService;
 import org.labkey.api.util.PageFlowUtil;
@@ -107,7 +108,8 @@ public void doStartupAfterSpringConfig(ModuleContext moduleContext)
 SystemMaintenance.addTask(new mGapMaintenanceTask());
- ContentSecurityPolicyFilter.registerAllowedConnectionSource(this.getClass().getName(), "https://*.fontawesome.com", "https://code.jquery.com", "https://www.gstatic.com");
+ ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://*.fontawesome.com", "https://code.jquery.com");
+ ContentSecurityPolicyFilter.registerAllowedSources(Directive.Style, this.getClass().getName(), "https://code.jquery.com", "https://www.gstatic.com");
 new PipelineStartup();
 }
diff --git a/mcc/src/org/labkey/mcc/MccModule.java b/mcc/src/org/labkey/mcc/MccModule.java
index 3e951040..8545429f 100644
--- a/mcc/src/org/labkey/mcc/MccModule.java
+++ b/mcc/src/org/labkey/mcc/MccModule.java
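Review bot: The host-source `https://*.fontawesome.com` passed to `registerAllowedSources(Directive.Connection, ...)` in mGAPModule.java (PATCH 1/3) matches every subdomain of that vendor, which is wider than needed if the pages only contact one or two of its hosts. Registering the exact hostnames seen in the browser network log or the CSP violation reports would keep the connect allowlist at least privilege; the same wildcard is carried into `Directive.Font` in PATCH 2/3 and back into `Directive.Connection` in PATCH 3/3. A comment above the calls, for example `// CSP allowlist: each origin is required by <page or asset>; remove when self-hosted`, would let a later audit tell which entries are still in use. The body of doStartupAfterSpringConfig starts outside the hunk, so any earlier registrations are not visible here.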
@@ -29,6 +29,7 @@
 import org.labkey.api.module.ModuleContext;
 import org.labkey.api.query.DefaultSchema;
 import org.labkey.api.query.QuerySchema;
+import org.labkey.api.security.Directive;
 import org.labkey.api.security.permissions.ReadPermission;
 import org.labkey.api.security.roles.RoleManager;
 import org.labkey.api.study.Study;
@@ -137,7 +138,8 @@ protected void doStartupAfterSpringConfig(ModuleContext moduleContext)
 SystemMaintenance.addTask(new MccMaintenanceTask());
- ContentSecurityPolicyFilter.registerAllowedConnectionSource(this.getClass().getName(), "https://cdn.datatables.net");
+ ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://cdn.datatables.net");
+ ContentSecurityPolicyFilter.registerAllowedSources(Directive.Style, this.getClass().getName(), "https://cdn.datatables.net");
 }
 @Override
From bc4cf2d1a690486f253e8437cef124a65686fda7 Mon Sep 17 00:00:00 2001
From: bbimber
Date: Thu, 20 Feb 2025 16:22:12 -0800
Subject: [PATCH 2/3] Refine exceptions (#240)
* Add ContentSecurityPolicyFilter.registerAllowedSources()
---
 mGAP/src/org/labkey/mgap/mGAPModule.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mGAP/src/org/labkey/mgap/mGAPModule.java b/mGAP/src/org/labkey/mgap/mGAPModule.java
index 037d1892..59b68d2a 100644
--- a/mGAP/src/org/labkey/mgap/mGAPModule.java
+++ b/mGAP/src/org/labkey/mgap/mGAPModule.java
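Review bot: `https://cdn.datatables.net` stays registered under `Directive.Connection` in MccModule.java (PATCH 1/3) even though the same change adds it under `Directive.Style`, and nothing visible in the hunk shows page script making fetch/XHR requests to that CDN. If the connect entry only existed because the old `registerAllowedConnectionSource` API had a single list, it can probably be dropped once the CSP violation reports confirm nothing depends on it; PATCH 3/3 adds a third entry for the same host under `Directive.Image`, so the list is growing rather than narrowing. Third-party stylesheets are also trusted content, so where the module controls the `<link>` tags, adding `integrity` and `crossorigin` attributes would pin what is loaded; whether that is already done is not visible from this diff. The method starts before the hunk.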
@@ -108,8 +108,9 @@ public void doStartupAfterSpringConfig(ModuleContext moduleContext)
 SystemMaintenance.addTask(new mGapMaintenanceTask());
- ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://*.fontawesome.com", "https://code.jquery.com");
+ ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://code.jquery.com");
 ContentSecurityPolicyFilter.registerAllowedSources(Directive.Style, this.getClass().getName(), "https://code.jquery.com", "https://www.gstatic.com");
+ ContentSecurityPolicyFilter.registerAllowedSources(Directive.Font, this.getClass().getName(), "https://*.fontawesome.com");
 new PipelineStartup();
 }
From 6eeb57c9776f3c15214f4d3e776bbd2ac1b5a577 Mon Sep 17 00:00:00 2001
From: bbimber
Date: Thu, 20 Feb 2025 19:15:53 -0800
Subject: [PATCH 3/3] Modify ContentSecurityPolicyFilter
---
 mGAP/src/org/labkey/mgap/mGAPModule.java | 2 +-
 mcc/src/org/labkey/mcc/MccModule.java | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/mGAP/src/org/labkey/mgap/mGAPModule.java b/mGAP/src/org/labkey/mgap/mGAPModule.java
index 59b68d2a..e94cdaa1 100644
--- a/mGAP/src/org/labkey/mgap/mGAPModule.java
+++ b/mGAP/src/org/labkey/mgap/mGAPModule.java
@@ -108,7 +108,7 @@ public void doStartupAfterSpringConfig(ModuleContext moduleContext)
 SystemMaintenance.addTask(new mGapMaintenanceTask());
- ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://code.jquery.com");
+ ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://code.jquery.com", "https://*.fontawesome.com");
 ContentSecurityPolicyFilter.registerAllowedSources(Directive.Style, this.getClass().getName(), "https://code.jquery.com", "https://www.gstatic.com");
 ContentSecurityPolicyFilter.registerAllowedSources(Directive.Font, this.getClass().getName(), "https://*.fontawesome.com");
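Review bot: The three `registerAllowedSources` calls in mGAPModule.java (PATCH 2/3) each repeat `this.getClass().getName()`, and two repeat the literal `"https://code.jquery.com"`, so the directive-to-origin mapping has to be picked out of three long lines. Hoisting `final String className = getClass().getName();` and wrapping each call with one origin per line would make the allowlist readable at a glance and make later diffs show exactly which origin moved between directives. This is a style point only and does not change behaviour. The method body begins outside the hunk.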
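Review bot: `https://*.fontawesome.com` is put back into the `Directive.Connection` call in mGAPModule.java (PATCH 3/3) one commit after PATCH 2/3 moved it to `Directive.Font` only, and neither the commit message nor the code records which request needed the connect entry. A one-line comment such as `// fontawesome needs connect-src as well as font-src: <request that was blocked>` would stop a later cleanup from removing it again, or from leaving it in place after the dependency is gone. Presumably the Font-only policy blocked something at runtime, but that is inferred from the revert, not shown in the diff.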
diff --git a/mcc/src/org/labkey/mcc/MccModule.java b/mcc/src/org/labkey/mcc/MccModule.java
index 8545429f..1b1acf3c 100644
--- a/mcc/src/org/labkey/mcc/MccModule.java
+++ b/mcc/src/org/labkey/mcc/MccModule.java
@@ -140,6 +140,7 @@ protected void doStartupAfterSpringConfig(ModuleContext moduleContext)
 ContentSecurityPolicyFilter.registerAllowedSources(Directive.Connection, this.getClass().getName(), "https://cdn.datatables.net");
 ContentSecurityPolicyFilter.registerAllowedSources(Directive.Style, this.getClass().getName(), "https://cdn.datatables.net");
+ ContentSecurityPolicyFilter.registerAllowedSources(Directive.Image, this.getClass().getName(), "https://cdn.datatables.net");
 }
 @Override