Fix issues with frame-src CSP directive
What does this MR do and why?
Following !71345 (merged), the Sidekiq dashboard didn't work in development mode using Chrome.
This is because when there is a path such as https://example.com/path in the CSP, Chrome understands it as exactly that path and will block https://example.com/path/subpath. Firefox will accept that path and subpaths. However, https://example.com/path/ only accepts subpaths and will block https://example.com/path. For this reason we need both /sidekiq/ and /sidekiq in the CSP.
In addition to that, it was pointed out in !71345 (comment 710820794) that the letter opener stopped working, so this MR addresses this issue as well.
Screenshots or screen recordings
No visual changes
How to set up and validate locally
- Visit /admin/background_jobs in Chrome and change the tabs in the Sidekiq dashboard. Validate that they all work.
- Visit /rails/letter_opener/ and observe that the letter opener application works.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
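
The path matching described under "What does this MR do and why?", as an added example that is not part of the MR or of GitLab's code: it implements the path-part matching steps from CSP Level 3, which correspond to the Chrome behaviour described, and evaluates constructed frame-src source lists on the example.com host. The function names and the simplified source-list check (plain scheme://host/path sources only) are assumptions of this example.

```javascript
// Percent-decode one path segment; malformed escapes are compared as written.
function decodeSegment(segment) {
  try { return decodeURIComponent(segment); } catch (e) { return segment; }
}

// sourcePath: path of the CSP source expression.
// urlPath: path of the URL being loaded into the frame.
function pathPartMatches(sourcePath, urlPath) {
  if (sourcePath === "") return true;          // no path in the source: any path allowed
  if (sourcePath === "/" && urlPath === "") return true;
  const exact = !sourcePath.endsWith("/");     // no trailing slash means exact match
  const a = sourcePath.split("/");
  const b = urlPath.split("/");
  if (a.length > b.length) return false;       // source is deeper than the URL
  if (exact && a.length !== b.length) return false;
  if (!exact) a.pop();                         // drop the empty piece after the final "/"
  return a.every((piece, i) => decodeSegment(piece) === decodeSegment(b[i]));
}

// Simplified source-list check (assumption: no wildcards, keywords or
// redirects; origins must be identical).
function frameAllowed(sources, frameUrl) {
  const target = new URL(frameUrl);
  return sources.some((source) => {
    const s = new URL(source);
    return s.origin === target.origin &&
      pathPartMatches(s.pathname, target.pathname);
  });
}

// Constructed inputs using the example host from the description.
const BASE = "https://example.com";
const PATHS = ["/sidekiq", "/sidekiq/", "/sidekiq/queues", "/admin"];

function verdicts(sources) {
  return PATHS.map((p) => [p, frameAllowed(sources, BASE + p)]);
}

console.log("only /sidekiq :", verdicts([BASE + "/sidekiq"]));
console.log("only /sidekiq/:", verdicts([BASE + "/sidekiq/"]));
console.log("both          :", verdicts([BASE + "/sidekiq", BASE + "/sidekiq/"]));
```

Only the list with both entries allows the dashboard root and its tabs while still blocking unrelated paths such as /admin.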