Merge branch 'main' into update-prettier-etc
mmmavis authored Mar 26, 2024
2 parents 0362a9e + 787581a commit f7b227f
Showing 9 changed files with 44 additions and 25 deletions.
7 changes: 4 additions & 3 deletions .github/workflows/continous-integration.yml
Expand Up @@ -144,10 +144,11 @@ jobs:
X_FRAME_OPTIONS: DENY
XSS_PROTECTION: True
CSP_CONNECT_SRC: "*"
CSP_FONT_SRC: "'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ data:"
CSP_FRAME_SRC: "'self' https://www.google.com/recaptcha/"
CSP_SCRIPT_SRC: "'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/ScrollTrigger.min.js https://*.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'"
CSP_FONT_SRC: "'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ data: https://static.fundraiseup.com/common-fonts/"
CSP_FRAME_SRC: "'self' https://www.google.com/recaptcha/ https://*.stripe.com https://pay.google.com https://*.paypal.com"
CSP_SCRIPT_SRC: "'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.8.0/ScrollTrigger.min.js https://*.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' https://*.stripe.com https://m.stripe.network https://*.paypal.com https://*.paypalobjects.com https://pay.google.com"
CSP_STYLE_SRC: "'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com https://platform.twitter.com https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"
SECURE_CROSS_ORIGIN_OPENER_POLICY: "'same-origin-allow-popups'"
steps:
- uses: actions/checkout@v3
- uses: actions/setup-python@v4
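Review bot: the `+` line for `CSP_FONT_SRC` adds the path-scoped `https://static.fundraiseup.com/common-fonts/`, while the same change in visual-regression-testing.yml, app.json and env.default widens font-src to `https://*.fundraiseup.com` instead; pick one form so CI exercises the policy that actually ships. On the `CSP_SCRIPT_SRC` line, `https://*.stripe.com`, `https://*.paypal.com` and `https://*.paypalobjects.com` are whole-subdomain wildcards added to a directive that already carries `'unsafe-inline'` and `'unsafe-eval'`; script-src is the directive that decides what can execute, so list only the hosts the integrations load (Stripe's own CSP guidance names `https://js.stripe.com` rather than `*.stripe.com`) and let a report-only run flag anything still missing. In the unchanged context, `actions/checkout@v3` and `actions/setup-python@v4` are tag pins; a full commit SHA is the supply-chain-safe pin.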
7 changes: 4 additions & 3 deletions .github/workflows/visual-regression-testing.yml
Expand Up @@ -30,12 +30,12 @@ jobs:
CSP_CHILD_SRC: " 'self' https://www.youtube.com https://www.youtube-nocookie.com "
CSP_CONNECT_SRC: " * "
CSP_DEFAULT_SRC: " 'none' "
CSP_FONT_SRC: " 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://static.fundraiseup.com/fonts/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/"
CSP_FONT_SRC: " 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://*.fundraiseup.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/"
CSP_FRAME_ANCESTORS: " 'none' "
CSP_FRAME_SRC: " 'self' https://www.youtube.com https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://form.typeform.com https://js.tito.io https://datawrapper.dwcdn.net https://www.google.com/recaptcha/"
CSP_FRAME_SRC: " 'self' https://www.youtube.com https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://form.typeform.com https://js.tito.io https://datawrapper.dwcdn.net https://www.google.com/recaptcha/ https://*.stripe.com https://pay.google.com https://*.paypal.com"
CSP_IMG_SRC: " * data: "
CSP_MEDIA_SRC: " 'self' data: https://s3.amazonaws.com/mofo-assets/foundation/video/ "
CSP_SCRIPT_SRC: " 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://embed.typeform.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://tagmanager.google.com *.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'"
CSP_SCRIPT_SRC: " 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://embed.typeform.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://tagmanager.google.com *.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' https://*.stripe.com https://m.stripe.network https://*.paypal.com https://*.paypalobjects.com https://pay.google.com"
CSP_STYLE_SRC: " 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com https://platform.twitter.com https://js.tito.io https://tagmanager.google.com https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"
CSP_INCLUDE_NONCE_IN: "script-src"
DATABASE_URL: postgres://postgres:postgres@localhost:5432/network
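Review bot: `CSP_FONT_SRC` goes from one path on one host (`https://static.fundraiseup.com/fonts/`) to every subdomain of fundraiseup.com (`https://*.fundraiseup.com`); if the only new requirement is a second path on the same host, as the `common-fonts/` entry in continous-integration.yml suggests, `https://static.fundraiseup.com/` is the narrower fix, and note that `*.fundraiseup.com` does not match the bare apex. On `CSP_SCRIPT_SRC`, the unchanged `CSP_INCLUDE_NONCE_IN: "script-src"` below means a nonce is emitted, and once a nonce is present browsers ignore `'unsafe-inline'` for that directive; the inline snippets the Stripe, PayPal and Google Pay integrations inject must therefore carry the nonce or load from the newly listed hosts, which is worth confirming with a report-only run before relying on the visual tests.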
Expand All @@ -48,6 +48,7 @@ jobs:
PULSE_API_DOMAIN: https://network-pulse-api-production.herokuapp.com
PULSE_DOMAIN: https://www.mozillapulse.org
RANDOM_SEED: 530910203
SECURE_CROSS_ORIGIN_OPENER_POLICY: "'same-origin-allow-popups'"
SET_HSTS: False
SSL_REDIRECT: False
TARGET_DOMAINS: foundation.mozilla.org
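Review bot: the new `SECURE_CROSS_ORIGIN_OPENER_POLICY` value embeds single quotes, so the setting reaches Django as the string `'same-origin-allow-popups'` quotes included. CSP keywords such as `'self'` are quoted because the CSP grammar requires it, but Cross-Origin-Opener-Policy takes a bare token, and Django's system check for this setting (security.E024) accepts only the unquoted `same-origin`, `same-origin-allow-popups` and `unsafe-none`. Unless something strips the quotes before `env()` reads the variable, this should be `SECURE_CROSS_ORIGIN_OPENER_POLICY: same-origin-allow-popups`.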
7 changes: 4 additions & 3 deletions app.json
Expand Up @@ -28,14 +28,15 @@
"CSP_CONNECT_SRC": "*",
"CSP_DEFAULT_SRC": "'none'",
"CSP_FRAME_ANCESTORS": "'none'",
"CSP_FRAME_SRC": "'self' https://js.tito.io https://www.google.com/recaptcha/",
"CSP_FONT_SRC": "'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://static.fundraiseup.com/fonts/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/",
"CSP_FRAME_SRC": "'self' https://js.tito.io https://www.google.com/recaptcha/ https://*.stripe.com https://pay.google.com https://*.paypal.com",
"CSP_FONT_SRC": "'self' https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://*.fundraiseup.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/",
"CSP_IMG_SRC": "* data:",
"CSP_MEDIA_SRC": "'self' https://s3.amazonaws.com/mofo-assets/foundation/video/",
"CSP_SCRIPT_SRC": "'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://*.fundraiseup.com *.googletagmanager.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'",
"CSP_SCRIPT_SRC": "'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://*.fundraiseup.com *.googletagmanager.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' https://*.stripe.com https://m.stripe.network https://*.paypal.com https://pay.google.com",
"CSP_STYLE_SRC": "'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com https://platform.twitter.com https://js.tito.io https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css",
"NPM_CONFIG_PRODUCTION": "true",
"REVIEW_APP": "True",
"SECURE_CROSS_ORIGIN_OPENER_POLICY": "'same-origin-allow-popups'",
"XROBOTSTAG_ENABLED": "True"
},
"buildpacks": [
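Review bot: the `+` line for `CSP_SCRIPT_SRC` omits `https://*.paypalobjects.com`, which the same change adds to script-src in continous-integration.yml, visual-regression-testing.yml and env.default; review apps built from this app.json will hit CSP violations on that host if the PayPal flow needs it, and if it is not needed it should come out of the other three. The four configs are clearly hand-synchronised; a single source for the allow-lists (or a test that diffs them) would stop this class of drift.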
8 changes: 5 additions & 3 deletions env.default
Expand Up @@ -51,15 +51,17 @@ BASKET_URL=https://basket-dev.allizom.org
CSP_CHILD_SRC=" 'self' https://www.youtube.com https://www.youtube-nocookie.com "
CSP_CONNECT_SRC=" * "
CSP_DEFAULT_SRC=" 'none' "
CSP_FONT_SRC=" 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://static.fundraiseup.com/fonts/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/"
CSP_FONT_SRC=" 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://code.cdn.mozilla.net https://*.fundraiseup.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/"
CSP_FRAME_ANCESTORS=" 'self' "
CSP_FRAME_SRC=" 'self' https://www.youtube.com https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://form.typeform.com https://js.tito.io https://datawrapper.dwcdn.net https://www.google.com/recaptcha/"
CSP_FRAME_SRC=" 'self' https://www.youtube.com https://comments.mozillafoundation.org/ https://airtable.com https://docs.google.com/ https://platform.twitter.com https://public.zenkit.com https://calendar.google.com https://www.youtube-nocookie.com https://form.typeform.com https://js.tito.io https://datawrapper.dwcdn.net https://www.google.com/recaptcha/ https://pay.google.com https://*.paypal.com"
CSP_IMG_SRC=" * data: "
CSP_MEDIA_SRC=" 'self' data: https://s3.amazonaws.com/mofo-assets/foundation/video/ "
CSP_SCRIPT_SRC=" 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://embed.typeform.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://tagmanager.google.com *.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'"
CSP_SCRIPT_SRC=" 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js http://*.shpg.org/ https://comments.mozillafoundation.org/ https://airtable.com https://platform.twitter.com https://cdn.syndication.twimg.com https://embed.typeform.com https://js.tito.io https://js-plugins.tito.io/gtm.js https://tagmanager.google.com *.googletagmanager.com https://*.fundraiseup.com https://mozillafoundation.tfaforms.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval' https://*.stripe.com https://m.stripe.network https://*.paypal.com https://*.paypalobjects.com https://pay.google.com"
CSP_STYLE_SRC=" 'self' 'unsafe-inline' https://code.cdn.mozilla.net https://fonts.googleapis.com https://platform.twitter.com https://js.tito.io https://tagmanager.google.com https://mozillafoundation.tfaforms.net https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css"
CSP_INCLUDE_NONCE_IN=script-src

# Security config
SECURE_CROSS_ORIGIN_OPENER_POLICY = " 'same-origin-allow-popups' "

# Petition test campaign id for Salesforce Sandbox
PETITION_TEST_CAMPAIGN_ID=7017i000000bIgTAAU
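Review bot: two drift points. `CSP_FRAME_SRC` here gains `https://pay.google.com https://*.paypal.com` but not `https://*.stripe.com`, which the same change adds to frame-src in the other three configs, so a Stripe iframe that passes in CI will be blocked in a local setup built from this file (or the other three are wider than needed). And `SECURE_CROSS_ORIGIN_OPENER_POLICY = " 'same-origin-allow-popups' "` is written with spaces around `=`, unlike every other `KEY=value` line in this file; dotenv-style loaders differ on whether `KEY = value` parses at all, and if the line is skipped the code default from settings.py silently applies. Write it as `SECURE_CROSS_ORIGIN_OPENER_POLICY=same-origin-allow-popups`: the header value is a bare token and needs neither the CSP-style quotes nor the padding.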
2 changes: 1 addition & 1 deletion network-api/networkapi/mozfest/models.py
Expand Up @@ -433,7 +433,7 @@ class MozfestLandingPage(MozfestPrimaryPage):
# Content tab fields
TranslatableField("title"),
TranslatableField("banner_heading"),
SynchronizedField("banner_image"),
SynchronizedField("banner"),
TranslatableField("banner_meta"),
TranslatableField("banner_text"),
SynchronizedField("banner_link_url"),
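Review bot: `SynchronizedField("banner")` must name a field that exists on `MozfestLandingPage` or its parent, and this diff contains no model or migration change renaming `banner_image` to `banner`; either that rename arrived via the `main` side of the merge or it is still pending. A test that the translatable-field list resolves against the model would catch a dangling name here, since nothing in this hunk does.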
2 changes: 2 additions & 0 deletions network-api/networkapi/settings.py
Expand Up @@ -624,9 +624,11 @@ class DatabasesDict(TypedDict):
CSP_WORKER_SRC = env("CSP_WORKER_SRC", default=CSP_DEFAULT)
CSP_INCLUDE_NONCE_IN = env("CSP_INCLUDE_NONCE_IN", default=[])


# Security
SECURE_BROWSER_XSS_FILTER = env("XSS_PROTECTION")
SECURE_CONTENT_TYPE_NOSNIFF = env("CONTENT_TYPE_NO_SNIFF")
SECURE_CROSS_ORIGIN_OPENER_POLICY = env("SECURE_CROSS_ORIGIN_OPENER_POLICY", default="'same-origin'")
SECURE_HSTS_INCLUDE_SUBDOMAINS = env("SET_HSTS")
SECURE_HSTS_SECONDS = 60 * 60 * 24 * 31 * 6
SECURE_SSL_REDIRECT = env("SSL_REDIRECT")
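Review bot: the default `"'same-origin'"` carries literal single quotes, and so do the values every config in this commit feeds into `env("SECURE_CROSS_ORIGIN_OPENER_POLICY", ...)`. Django's SecurityMiddleware writes this setting into the `Cross-Origin-Opener-Policy` header verbatim, and the header grammar is a bare token, so a browser receiving `'same-origin-allow-popups'` with quotes does not recognise the value and falls back to `unsafe-none`, i.e. no opener isolation at all. Django's system check for this setting (security.E024) rejects anything other than `same-origin`, `same-origin-allow-popups` and `unsafe-none`, so `manage.py check` is the quickest way to see whether the quotes survive the env layer; `curl -sI <url> | grep -i cross-origin-opener-policy` against a running instance settles what is actually sent. The choice of `same-origin-allow-popups` itself is right for this commit: plain `same-origin` severs `window.opener` for cross-origin popups, which would break the Stripe, PayPal and Google Pay popup flows the CSP changes admit, while still isolating this site from cross-origin pages that open it. A one-line comment recording that reason next to the setting would stop a later tightening to `same-origin` from silently breaking donations.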
12 changes: 10 additions & 2 deletions network-api/networkapi/templates/pages/buyersguide/base.html
Expand Up @@ -6,8 +6,16 @@

{% block page_title %}
{% environment_prefix %}
{% if pageTitle %}{{ pageTitle }}
{% else %}{% blocktrans context "“*Privacy Not Included” can be localized. This is a reference to the “*batteries not included” mention on toys." %}*Privacy Not Included | Shop smart and safe{% endblocktrans %} | Mozilla Foundation{% endif %}
{# if routable page #}
{% if pageTitle %}
{{ pageTitle }}
{# if custom seo_title for a wagtail page #}
{% elif page.seo_title %}
{{ page.seo_title }}
{# default to page.title #}
{% else %}
{% trans "*Privacy Not Included" context "*Privacy Not Included can be localized. This is a reference to the “*batteries not included” mention on toys." %} | {{ page.title }} | {% trans "Mozilla Foundation" %}
{% endif %}
{% endblock %}

{# TODO: consider using a different ga_identifier? #}
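Review bot: the three branches disagree on where the ` | Mozilla Foundation` suffix comes from: the `pageTitle` branch relies on every view appending it (the Python hunks in this commit do so inside the translatable string), the `page.seo_title` branch appends nothing, and the default branch appends it here. Append the suffix once in this template and keep `pageTitle` and `seo_title` as bare titles, so translators are not asked to translate a brand name and `seo_title` pages are not the odd ones out. Minor: the `{# #}` comments are stripped, but the surrounding newlines and indentation stay in the rendered title text; harmless to browsers, but join the branches on one line if a title assertion in the test suite compares the exact string.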
Expand Up @@ -185,7 +185,7 @@ def about_page(self, request):
context["pagetype"] = "about"
context["pageTitle"] = pgettext(
"*Privacy Not Included can be localized.",
"How to use *Privacy Not Included",
"How to use *Privacy Not Included | Mozilla Foundation",
)
return render(request, "pages/buyersguide/about/how_to_use.html", context)
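Review bot: moving ` | Mozilla Foundation` inside the `pgettext` msgid changes the translation key, so every locale's existing translation of "How to use *Privacy Not Included" stops matching until the .po files are regenerated and re-translated, and translators are now handed a brand name to translate. Keep the suffix out of the translatable string and concatenate it, as `categories_page` in this same file does with `f" | Mozilla Foundation"`, or better, add it once in the base template so no view has to remember it.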

Expand All @@ -195,7 +195,7 @@ def about_why_page(self, request):
context["pagetype"] = "about"
context["pageTitle"] = pgettext(
"*Privacy Not Included can be localized.",
"Why we made *Privacy Not Included",
"Why we made *Privacy Not Included | Mozilla Foundation",
)
return render(request, "pages/buyersguide/about/why_we_made.html", context)

Expand All @@ -208,7 +208,7 @@ def about_press_page(self, request):
+ " | "
+ pgettext(
"This can be localized. This is a reference to the “*batteries not included” mention on toys.",
"*Privacy Not Included",
"*Privacy Not Included | Mozilla Foundation",
)
)
return render(request, "pages/buyersguide/about/press.html", context)
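Review bot: this title is already assembled with `+ " | " +` around the translatable phrase, so the brand suffix belongs as one more concatenated literal rather than inside the msgid `"*Privacy Not Included | Mozilla Foundation"`. As written, the context string (`This can be localized. This is a reference to the “*batteries not included” mention on toys.`) now describes only the first half of what the translator sees, and the same msgid/context pair is duplicated in the contact, methodology and contest views below, so any later wording change has to be made four times.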
Expand All @@ -222,7 +222,7 @@ def about_contact_page(self, request):
+ " | "
+ pgettext(
"This can be localized. This is a reference to the “*batteries not included” mention on toys.",
"*Privacy Not Included",
"*Privacy Not Included | Mozilla Foundation",
)
)
return render(request, "pages/buyersguide/about/contact.html", context)
Expand All @@ -236,7 +236,7 @@ def about_methodology_page(self, request):
+ " | "
+ pgettext(
"This can be localized. This is a reference to the “*batteries not included” mention on toys.",
"*Privacy Not Included",
"*Privacy Not Included | Mozilla Foundation",
)
)
return render(request, "pages/buyersguide/about/methodology.html", context)
Expand All @@ -250,7 +250,7 @@ def about_contest(self, request):
+ " | "
+ pgettext(
"This can be localized. This is a reference to the “*batteries not included” mention on toys.",
"*Privacy Not Included",
"*Privacy Not Included | Mozilla Foundation",
)
)
return render(request, "pages/buyersguide/contest.html", context)
Expand Down Expand Up @@ -309,7 +309,7 @@ def categories_page(self, request, slug):
context["category"] = slug
context["current_category"] = category
context["products"] = products
context["pageTitle"] = f'{category.name} | {gettext("Privacy & security guide")}' f" | Mozilla Foundation"
context["pageTitle"] = f'{category.name} | {gettext("Privacy & Security Guide")}' f" | Mozilla Foundation"
context["template_cache_key_fragment"] = f"{category.slug}_{request.LANGUAGE_CODE}"

# Checking if category has custom metadata, if so, update the share image and description.
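Review bot: `f" | Mozilla Foundation"` is an f-string with no placeholders (flake8 F541); either fold it into the first f-string or make it a plain string literal. The capitalisation change from `"Privacy & security guide"` to `"Privacy & Security Guide"` also re-keys the msgid, so existing translations of that phrase go stale; if the goal is title-case display, do it in the template rather than by changing the translation key. `category.name` is interpolated into `pageTitle` unescaped here, which is fine only because the template renders `{{ pageTitle }}` with autoescaping on; keep it that way.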
10 changes: 7 additions & 3 deletions source/js/foundation/pages/mozfest/tito.js
Expand Up @@ -13,8 +13,12 @@ export function setupTitoEventListener() {
tito("on:widget:loaded", function () {
// To address a bug when the sticky button is blocking users to access full content on Tito popup
// See https://github.com/MozillaFoundation/foundation.mozilla.org/issues/10307
document
.querySelector(`.narrow-sticky-button-container`)
.classList.add("hidden");
try {
document
.querySelector(`.narrow-sticky-button-container`)
.classList.add("hidden");
} catch (e) {
// Do nothing
}
});
}
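Review bot: the `try { ... } catch (e) { // Do nothing }` swallows every exception, not just the `TypeError` thrown when `.narrow-sticky-button-container` is absent, so a future bug in the same block is hidden too. Handle the missing element explicitly and drop the empty catch: `document.querySelector(".narrow-sticky-button-container")?.classList.add("hidden");` (optional chaining), or assign the result to a variable and guard with `if (el)`. The backtick template literal around the selector has no interpolation and can be a plain string.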
