Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc(csp): add correct csp rule #2548

Merged
merged 4 commits into from
Aug 3, 2022
Merged

doc(csp): add correct csp rule #2548

merged 4 commits into from
Aug 3, 2022

Conversation

Chever-John
Copy link
Contributor

@Chever-John Chever-John commented Jul 28, 2022
edited
Loading

This PR is primarily intended to address the issue of not displaying embedded Grafana dashboards properly.
The issue can be viewed in this issue #2546 .

This issue is caused by the Dashboard updating the CSP (content security policy) feature. You need to add the appropriate configuration for the Grafana dashboard to display properly. This simply adds the configuration options that have been validated and the corresponding documentation.

This PR can also be referenced by the APISIX-Docker project.

Why submit this pull request?

  • Bugfix
  • New feature provided
  • Improve performance
  • Backport patches

What changes will this PR take into?

Please update this section with detailed description.

fix #2546

Checklist:

  • Did you explain what problem does this PR solve? Or what new features have been added?
  • Have you added corresponding test cases?
  • Have you modified the corresponding document?
  • Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first

@codecov-commenter
Copy link

codecov-commenter commented Jul 28, 2022
edited
Loading

Codecov Report

Merging #2548 (b3cdf54) into master (0b98833) will increase coverage by 1.65%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #2548      +/-   ##
==========================================
+ Coverage   70.37%   72.02%   +1.65%     
==========================================
  Files         194       61     -133     
  Lines        7476     3975    -3501     
  Branches      861        0     -861     
==========================================
- Hits         5261     2863    -2398     
+ Misses       1923      818    -1105     
- Partials      292      294       +2
Flag Coverage Δ
backend-e2e-test-ginkgo 64.98% <ø> (+0.12%) ⬆️
backend-unit-test 50.61% <ø> (ø)
frontend-e2e-test ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
api/internal/core/storage/etcd.go 47.24% <0.00%> (-2.37%) ⬇️
...nents/Upstream/components/active-check/Timeout.tsx
.../components/passive-check/Healthy/HttpStatuses.tsx
web/src/components/Upstream/components/Timeout.tsx
web/src/pages/Service/components/Preview.tsx
...ages/Route/components/DebugViews/DebugDrawView.tsx
web/src/components/Plugin/service.ts
web/src/pages/SSL/List.tsx
web/src/pages/SSL/components/Step1/index.tsx
web/src/components/LabelsfDrawer/LabelsDrawer.tsx
... and 126 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

SkyeYoung
SkyeYoung reviewed Jul 29, 2022
View reviewed changes
api/conf/conf.yaml
@@ -66,8 +66,7 @@ conf:
# access_control_allow_headers: "Authorization"
# access_control-allow_methods: "*"
# x_frame_options: "deny"
# content_security_policy: ""default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'""

# content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src xx.xx.xx.xx:3000" # You can set frame-src to provide content for your grafana panel.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line of text is too long, and you can't guarantee that everyone's editor is set to auto wrap line.

Suggested change
# content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src xx.xx.xx.xx:3000" # You can set frame-src to provide content for your grafana panel.
# You can set frame-src to provide content for your grafana panel.
# content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src xx.xx.xx.xx:3000"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not recommended, based on the style of the whole document, I think it would be misleading back to the user if it did.

If you insist, I suggest inviting @bzp2010 to make the final judgment.

Copy link
Contributor

@bzp2010 bzp2010 Aug 3, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's acceptable for now, and when we merge it to the next branch it will be modified according to the new format. 🤔

ping @SkyeYoung

@Chever-John Chever-John mentioned this pull request Aug 2, 2022
Closed
bzp2010
bzp2010 approved these changes Aug 3, 2022
View reviewed changes
api/conf/conf.yaml
@@ -66,8 +66,7 @@ conf:
# access_control_allow_headers: "Authorization"
# access_control-allow_methods: "*"
# x_frame_options: "deny"
# content_security_policy: ""default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'""

# content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src xx.xx.xx.xx:3000" # You can set frame-src to provide content for your grafana panel.
Copy link
Contributor

@bzp2010 bzp2010 Aug 3, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's acceptable for now, and when we merge it to the next branch it will be modified according to the new format. 🤔

ping @SkyeYoung

@bzp2010 bzp2010 merged commit d67a5a3 into apache:master Aug 3, 2022
@vitcou vitcou mentioned this pull request Aug 28, 2022
Closed
hongbinhsu pushed a commit to fitphp/apix-dashboard that referenced this pull request Sep 10, 2022
Merge branch 'upstream/master' into github/master
98a924c 
* upstream/master: (23 commits)
  feat: Add config struct of OpenID-Connect Login (apache#2597)
  feat: set serverUrlMap with env, update cypress, update stylelint (apache#2583)
  chore: fix function name typo (apache#2599)
  fix: page refresh causes deletion exception (apache#2593)
  feat: support show all enable plugin list tab (apache#2585)
  fix: drawer components delete plugin not working (apache#2573)
  feat: add batch delete function for route (apache#2502)
  test: reduce fe ci time (apache#2557)
  doc(csp): add correct csp rule (apache#2548)
  doc: add a notice about the compatibility of Ingress and Dashboard (apache#2552)
  fix: add judgement for last_report_time (apache#2551)
  fix: cli test invalid etcd (apache#2544)
  feat: fix actions version to root version (apache#2521)
  fix: duplicate ID (apache#2501)
  fix: block arbitrary file index (apache#2497)
  docs: update deploy-with-docker.md (apache#2472)
  feat: translating Turkish for new features (apache#2487)
  docs: add new import and export docs to sidebar (apache#2485)
  docs: add data loader and new OpenAPI 3 loader (apache#2484)
  feat: support data loader in frontend (apache#2480)
  ...

# Conflicts:
#	api/internal/route.go
#	web/config/defaultSettings.ts
#	web/yarn.lock
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guitu168 guitu168 guitu168 approved these changes

@SkyeYoung SkyeYoung SkyeYoung approved these changes

@Baoyuantop Baoyuantop Baoyuantop approved these changes

@bzp2010 bzp2010 bzp2010 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dashboard of APISIX-dashboard seem to work incorrectly.
6 participants
@Chever-John @codecov-commenter @bzp2010 @Baoyuantop @SkyeYoung @guitu168