Patchwork hgweb: support Content Security Policy

login
register
mail settings
Submitter Augie Fackler
Date Jan. 12, 2017, 3:11 a.m.
Message ID <20170112031115.GD25681@imladris.local>
Download mbox | patch
Permalink /patch/18184/
State Not Applicable
Headers show

Comments

Augie Fackler - Jan. 12, 2017, 3:11 a.m.
On Wed, Jan 11, 2017 at 10:05:05PM -0500, Augie Fackler wrote:
> On Tue, Jan 10, 2017 at 11:41:10PM -0800, Gregory Szorc wrote:
> > # HG changeset patch
> > # User Gregory Szorc <gregory.szorc@gmail.com>
> > # Date 1484120228 28800
> > #      Tue Jan 10 23:37:08 2017 -0800
> > # Node ID 113293954736e020d29e8e48aa3e01657ec853f3
> > # Parent  79314c9a79b3aa033b6f79d066b97d7157ecac33
> > hgweb: support Content Security Policy
>
> Queued this, thanks. Sometimes I wonder if http and html need to die
> when I see stuff like this.

I'm seeing some failures with this, maybe it failed to commute with
something else that landed in the interim. Can you take a look? I've
included failure output below (reproduced on both linux and OS X):

augie% make test-hgweb-csp.t
cd tests && python run-tests.py -j4 test-hgweb-csp.t


ERROR: test-hgweb-csp.t output changed

> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel@mercurial-scm.org
> https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
Gregory Szorc - Jan. 12, 2017, 3:38 a.m.
I forgot to send a patch I made before this that refactored that
process_dates() line. Will patchbomb in a few seconds. Please queue before
the CSP patch if accepted. Otherwise, drop the CSP patch and have me send a
V2.

On Wed, Jan 11, 2017 at 7:11 PM, Augie Fackler <raf@durin42.com> wrote:

> On Wed, Jan 11, 2017 at 10:05:05PM -0500, Augie Fackler wrote:
> > On Tue, Jan 10, 2017 at 11:41:10PM -0800, Gregory Szorc wrote:
> > > # HG changeset patch
> > > # User Gregory Szorc <gregory.szorc@gmail.com>
> > > # Date 1484120228 28800
> > > #      Tue Jan 10 23:37:08 2017 -0800
> > > # Node ID 113293954736e020d29e8e48aa3e01657ec853f3
> > > # Parent  79314c9a79b3aa033b6f79d066b97d7157ecac33
> > > hgweb: support Content Security Policy
> >
> > Queued this, thanks. Sometimes I wonder if http and html need to die
> > when I see stuff like this.
>
> I'm seeing some failures with this, maybe it failed to commute with
> something else that landed in the interim. Can you take a look? I've
> included failure output below (reproduced on both linux and OS X):
>
> augie% make test-hgweb-csp.t
> cd tests && python run-tests.py -j4 test-hgweb-csp.t
>
> --- /Users/augie/Programming/hg/crew/tests/test-hgweb-csp.t
> +++ /Users/augie/Programming/hg/crew/tests/test-hgweb-csp.t.err
> @@ -68,6 +68,7 @@
>    <!--[if IE]><script type="text/javascript" src="/repo1/static/excanvas.
> js"></script><![endif]-->
>    <script type="text/javascript">
>    <script type="text/javascript">
> +  <script type="text/javascript">process_dates()</script>
>
>  Configure CSP with nonce
>
> @@ -105,6 +106,7 @@
>    <!--[if IE]><script type="text/javascript" src="/repo1/static/excanvas.
> js"></script><![endif]-->
>    <script type="text/javascript" nonce="*"> (glob)
>    <script type="text/javascript" nonce="*"> (glob)
> +  <script type="text/javascript">process_dates()</script>
>
>  hgweb_mod w/o hgwebdir works as expected
>
> @@ -127,3 +129,4 @@
>    <!--[if IE]><script type="text/javascript" src="/static/excanvas.js"></
> script><![endif]-->
>    <script type="text/javascript" nonce="*"> (glob)
>    <script type="text/javascript" nonce="*"> (glob)
> +  <script type="text/javascript">process_dates()</script>
>
> ERROR: test-hgweb-csp.t output changed
>
> > _______________________________________________
> > Mercurial-devel mailing list
> > Mercurial-devel@mercurial-scm.org
> > https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
>
Augie Fackler - Jan. 12, 2017, 3:48 a.m.
On Jan 11, 2017 10:38 PM, "Gregory Szorc" <gregory.szorc@gmail.com> wrote:

I forgot to send a patch I made before this that refactored that
process_dates() line. Will patchbomb in a few seconds. Please queue before
the CSP patch if accepted.


Can do. I'll likely handle that in the morning. Thanks!

Otherwise, drop the CSP patch and have me send a V2.

On Wed, Jan 11, 2017 at 7:11 PM, Augie Fackler <raf@durin42.com> wrote:

> On Wed, Jan 11, 2017 at 10:05:05PM -0500, Augie Fackler wrote:
> > On Tue, Jan 10, 2017 at 11:41:10PM -0800, Gregory Szorc wrote:
> > > # HG changeset patch
> > > # User Gregory Szorc <gregory.szorc@gmail.com>
> > > # Date 1484120228 28800
> > > #      Tue Jan 10 23:37:08 2017 -0800
> > > # Node ID 113293954736e020d29e8e48aa3e01657ec853f3
> > > # Parent  79314c9a79b3aa033b6f79d066b97d7157ecac33
> > > hgweb: support Content Security Policy
> >
> > Queued this, thanks. Sometimes I wonder if http and html need to die
> > when I see stuff like this.
>
> I'm seeing some failures with this, maybe it failed to commute with
> something else that landed in the interim. Can you take a look? I've
> included failure output below (reproduced on both linux and OS X):
>
> augie% make test-hgweb-csp.t
> cd tests && python run-tests.py -j4 test-hgweb-csp.t
>
> --- /Users/augie/Programming/hg/crew/tests/test-hgweb-csp.t
> +++ /Users/augie/Programming/hg/crew/tests/test-hgweb-csp.t.err
> @@ -68,6 +68,7 @@
>    <!--[if IE]><script type="text/javascript"
> src="/repo1/static/excanvas.js"></script><![endif]-->
>    <script type="text/javascript">
>    <script type="text/javascript">
> +  <script type="text/javascript">process_dates()</script>
>
>  Configure CSP with nonce
>
> @@ -105,6 +106,7 @@
>    <!--[if IE]><script type="text/javascript"
> src="/repo1/static/excanvas.js"></script><![endif]-->
>    <script type="text/javascript" nonce="*"> (glob)
>    <script type="text/javascript" nonce="*"> (glob)
> +  <script type="text/javascript">process_dates()</script>
>
>  hgweb_mod w/o hgwebdir works as expected
>
> @@ -127,3 +129,4 @@
>    <!--[if IE]><script type="text/javascript"
> src="/static/excanvas.js"></script><![endif]-->
>    <script type="text/javascript" nonce="*"> (glob)
>    <script type="text/javascript" nonce="*"> (glob)
> +  <script type="text/javascript">process_dates()</script>
>
> ERROR: test-hgweb-csp.t output changed
>
> > _______________________________________________
> > Mercurial-devel mailing list
> > Mercurial-devel@mercurial-scm.org
> > https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel
>

Patch

--- /Users/augie/Programming/hg/crew/tests/test-hgweb-csp.t
+++ /Users/augie/Programming/hg/crew/tests/test-hgweb-csp.t.err
@@ -68,6 +68,7 @@ 
   <!--[if IE]><script type="text/javascript" src="/repo1/static/excanvas.js"></script><![endif]-->
   <script type="text/javascript">
   <script type="text/javascript">
+  <script type="text/javascript">process_dates()</script>

 Configure CSP with nonce

@@ -105,6 +106,7 @@ 
   <!--[if IE]><script type="text/javascript" src="/repo1/static/excanvas.js"></script><![endif]-->
   <script type="text/javascript" nonce="*"> (glob)
   <script type="text/javascript" nonce="*"> (glob)
+  <script type="text/javascript">process_dates()</script>

 hgweb_mod w/o hgwebdir works as expected

@@ -127,3 +129,4 @@ 
   <!--[if IE]><script type="text/javascript" src="/static/excanvas.js"></script><![endif]-->
   <script type="text/javascript" nonce="*"> (glob)
   <script type="text/javascript" nonce="*"> (glob)
+  <script type="text/javascript">process_dates()</script>