View Issue Details

IDProjectCategoryView StatusLast Update
0008036TalerWeb site(s)public2024-09-07 17:26
ReporterChristian Grothoff Assigned To 
PrioritylowSeveritytweakReproducibilityN/A
Status confirmedResolutionopen 
Platformi7OSDebian GNU/LinuxOS Versionsqueeze
Product Versiongit (master) 
Target Versionpost-1.0 
Summary0008036: CSP shared between many *.taler.net-sites, should be made specific to each subdomain
DescriptionRight now, /etc/nginx/conf.d/talercsp.conf is included in various site configurations (like talerssl.conf). However, the CSP should probably be specific to the various subdomains. I today had to extract the CSP from the SSL configuration file as the CSP as-is created big problems for the merchant backends of the demo (as the SPAs could not interact with the exchange based on the CSP).

We should probably create custom CSPs in each *.site file (possibly with the exception of the head/test/demo sites, here the *backends* should set any CSPs that are needed). Some sites already have their custom CSP, but it probably makes sense to use the current talercsp.conf as a starting point and to create a specific CSP for each site. This will, however, require some careful testing / understanding of what CSP the respective site needs. It *looks* pretty obvious which rules are needed for which site, but still after copying the CSP rules into a *.site file (instead of including) and then specializing them for the respective site, the site should be tested to ensure it still works.
TagsNo tags attached.

Activities

javier.sepulveda

2024-01-08 13:10

administrator   ~0020822

ACK. Please let me (ASAP) do further investigation on this, to see if I can make some of the suggested improvements. Thank you for the great explanation of the task.

Issue History

Date Modified Username Field Change
2024-01-07 16:35 Christian Grothoff New Issue
2024-01-07 16:35 Christian Grothoff Status new => assigned
2024-01-07 16:35 Christian Grothoff Assigned To => javier.sepulveda
2024-01-08 13:10 javier.sepulveda Note Added: 0020822
2024-01-30 01:05 Christian Grothoff Priority normal => low
2024-09-07 17:26 Christian Grothoff Assigned To javier.sepulveda =>
2024-09-07 17:26 Christian Grothoff Status assigned => confirmed