server icon indicating copy to clipboard operation
server copied to clipboard
verified publisher icon bitwarden

[SG-434] Remove gravatar.com from CSP rules

Open djsmith85 opened this issue 3 years ago • 0 comments

Type of change

- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

With some recent work to update the 2fa.directory urls, here's another spot where the gravatar-url's need to be removed.

Code changes

  • docker-unified/hbs/nginx-config.hbs: Removed https://www.gravatar.com from CSP
  • util/Setup/Configuration.cs: Removed https://www.gravatar.com from Nginx CSP

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

djsmith85 avatar Dec 30 '22 20:12 djsmith85