Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(cloudfront): reportOnly flag on ResponseHeadersContentSecurityPolicy #29031

Closed
wants to merge 73 commits into from
Closed

feat(cloudfront): reportOnly flag on ResponseHeadersContentSecurityPolicy #29031

wants to merge 73 commits into from

Conversation

dillonstreator
Copy link

Issue #29006

Closes #29006.

Reason for this change

Improve ergonomics/discoverability/DX of CSP Report Only configuration

Description of changes

Added an optional reportOnly field on ResponseHeadersContentSecurityPolicy that maps the CSP to a custom header.

Description of how you validated changes

Added a unit test

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK labels Feb 8, 2024
@aws-cdk-automation aws-cdk-automation requested a review from a team February 8, 2024 15:50
@dillonstreator dillonstreator changed the title fix-29006 reportOnly flag on ResponseHeadersContentSecurityPolicy` fix-29006 reportOnly flag on ResponseHeadersContentSecurityPolicy Feb 8, 2024
aws-cdk-automation
aws-cdk-automation previously requested changes Feb 8, 2024
View reviewed changes
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

@dillonstreator dillonstreator changed the title fix-29006 reportOnly flag on ResponseHeadersContentSecurityPolicy feat(cdk/cloudfront): reportOnly flag on ResponseHeadersContentSecurityPolicy Feb 8, 2024
@dillonstreator dillonstreator changed the title feat(cdk/cloudfront): reportOnly flag on ResponseHeadersContentSecurityPolicy feat(cdk): reportOnly flag on ResponseHeadersContentSecurityPolicy Feb 8, 2024
@dillonstreator dillonstreator changed the title feat(cdk): reportOnly flag on ResponseHeadersContentSecurityPolicy feat(cdk/cloudfront): reportOnly flag on ResponseHeadersContentSecurityPolicy Feb 9, 2024
@dillonstreator dillonstreator changed the title feat(cdk/cloudfront): reportOnly flag on ResponseHeadersContentSecurityPolicy feat(cdk): reportOnly flag on ResponseHeadersContentSecurityPolicy Feb 9, 2024
@dillonstreator
Copy link
Author

Exemption Request:
I may be missing something but I don't think the following check applies to this change. I couldn't find a relevant integration test or snapshot.

❌ Features must contain a change to an integration test file and the resulting snapshot.

@aws-cdk-automation aws-cdk-automation added the pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. label Feb 9, 2024
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Feb 21, 2024
@aws-cdk-automation
Copy link
Collaborator

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

@github-actions github-actions bot mentioned this pull request Mar 1, 2024
Closed
@paulhcsun paulhcsun added the pr-linter/exempt-integ-test The PR linter will not require integ test changes label Mar 7, 2024
@aws-cdk-automation aws-cdk-automation dismissed their stale review March 7, 2024 19:34

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@dillonstreator
Copy link
Author

dillonstreator commented Apr 17, 2024
edited
Loading

In regard to your exemption request, I'd like to see an integ test that uses the settings you're adding so that we know it deploys just fine.

@TheRealAmazonKendra - could you point me in the right direction here? I couldn't find an existing integration test that covered ResponseHeadersPolicy, leading me to believe this should be exempt.

@aws-cdk-automation
Copy link
Collaborator

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week.

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: daa3037
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

@aws-cdk-automation aws-cdk-automation added the closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. label May 15, 2024
@aws-cdk-automation
Copy link
Collaborator

The pull request linter fails with the following errors:

❌ Features must contain a change to an integration test file and the resulting snapshot.

PRs must pass status checks before we can provide a meaningful review.

If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing Exemption Request and/or Clarification Request.

✅ A exemption request has been requested. Please wait for a maintainer's review.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aws-cdk-automation aws-cdk-automation aws-cdk-automation requested changes

@TheRealAmazonKendra TheRealAmazonKendra Awaiting requested review from TheRealAmazonKendra

Assignees
No one assigned
Labels
beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

cloudfront: Support Content-Security-Policy-Report-Only header
4 participants
@dillonstreator @aws-cdk-automation @TheRealAmazonKendra @paulhcsun