
[dagit] Introduce a CSP

Description

[dagit] Introduce a CSP

Summary:
Add a CSP to the Dagit app.

  • Lock down default-src and override with some 'self' and a few other minor needs.
  • In prod usage, within app.py, generate a one-time nonce and insert into index.html. This is used as __webpack_nonce__ (https://webpack.js.org/guides/csp/), which can then be consumed by styled-components.
  • In development, allow inline style and script since we won't have a nonce.

Test Plan:
Load Dagit in development. Verify that the app loads properly, and that scripts, XHR, WebSockets, images, styles, etc. all work as expected, with no CSP errors.

yarn build-for-python to generate a prod build, then run Dagit with it. Verify same as above, and verify that the nonce is generated anew on page loads, and is consumed correctly by styled-components.

Reviewers: max, bengotow, prha, dgibson

Reviewed By: prha

Differential Revision: https://dagster.phacility.com/D8930
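The scheme the commit describes (a per-request nonce minted by the server, stamped into index.html for __webpack_nonce__ and the bundle's script tag, and a policy that falls back to 'unsafe-inline' in development where no nonce exists) is shown below as an added example. It is not dagit's code and not the change under review: the template, the __NONCE__ placeholder, the function names, and the extra sources (data: images, ws:/wss: for the subscription socket, object-src/base-uri/frame-ancestors hardening) are assumptions for illustration. It also includes the check the test plan asks for: that every nonce attribute in the rendered page matches the header and that two page loads get different nonces.

```python
"""Per-request CSP nonce for a single-page app served from Python.

Added example, not dagit's own code. Names and the template are assumptions.
"""
import re
import secrets
from typing import Dict, Optional, Set, Tuple

# Constructed stand-in for index.html (assumption: the real template and its
# placeholder are not shown on the page). The meta tag and the inline
# bootstrap give styled-components / webpack the nonce; the bundle <script>
# carries it too so it is allowed by script-src.
INDEX_HTML_TEMPLATE = """<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta property="csp-nonce" content="__NONCE__">
<script nonce="__NONCE__">window.__webpack_nonce__ = "__NONCE__";</script>
</head>
<body>
<div id="root"></div>
<script nonce="__NONCE__" src="/static/main.js"></script>
</body>
</html>
"""

# token_urlsafe only emits [A-Za-z0-9_-], so a nonce can go straight into the
# header and an HTML attribute without escaping; reject anything else.
NONCE_RE = re.compile(r"^[A-Za-z0-9_-]{16,}$")


def make_nonce() -> str:
    """One-time nonce: 128 bits from the OS CSPRNG, new for every page load."""
    return secrets.token_urlsafe(16)


def build_csp(nonce: Optional[str], dev: bool = False) -> str:
    """Build the Content-Security-Policy header value.

    Production: inline script/style is allowed only when tagged with the
    per-request nonce. Development: the dev server injects untagged inline
    script/style, so allow 'unsafe-inline' and omit the nonce (browsers
    ignore 'unsafe-inline' once a nonce source is present).
    """
    if dev:
        inline = "'unsafe-inline'"
    else:
        if nonce is None or not NONCE_RE.match(nonce):
            raise ValueError("production CSP requires a fresh, well-formed nonce")
        inline = f"'nonce-{nonce}'"
    directives = [
        "default-src 'self'",                 # locked down; overridden below
        f"script-src 'self' {inline}",
        f"style-src 'self' {inline}",
        "img-src 'self' data:",               # assumption: inline data: images
        "connect-src 'self' ws: wss:",        # assumption: XHR + WebSocket
        "object-src 'none'",                  # hardening beyond the commit
        "base-uri 'self'",
        "frame-ancestors 'none'",
    ]
    return "; ".join(directives)


def render_index(nonce: str) -> str:
    """Stamp the nonce into every slot of the template."""
    return INDEX_HTML_TEMPLATE.replace("__NONCE__", nonce)


def page_load() -> Tuple[Dict[str, str], str]:
    """Simulate one production GET /: mint a nonce, set the header, render."""
    nonce = make_nonce()
    headers = {"Content-Security-Policy": build_csp(nonce)}
    return headers, render_index(nonce)


def nonces_in_html(html: str) -> Set[str]:
    """Every nonce="..." attribute value in the page."""
    return set(re.findall(r'nonce="([^"]+)"', html))


def check_page(headers: Dict[str, str], html: str) -> bool:
    """Test-plan check: the page's nonce attributes all equal the header's
    nonce, so the browser will accept the inline bootstrap and the bundle."""
    m = re.search(r"'nonce-([^']+)'", headers.get("Content-Security-Policy", ""))
    if m is None:
        return False
    return nonces_in_html(html) == {m.group(1)}


if __name__ == "__main__":
    hdrs, body = page_load()
    print(hdrs["Content-Security-Policy"])
    print("page consistent with header:", check_page(hdrs, body))
    print("dev policy:", build_csp(None, dev=True))
```

A practical caveat the example encodes: the nonce must be regenerated per response and never cached with the page, since a nonce that repeats across loads is equivalent to 'unsafe-inline' for an attacker who has seen one page. The dev policy exists only because the dev server has no nonce to hand out; it must not be the policy that ships.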

Details

Provenance
Authored by dish on Jul 2 2021, 4:07 PM
Reviewer
prha
Differential Revision
D8930: [dagit] Introduce a CSP
Parents
R1:68e2c371d617: PipelineDefinition.all_solid_defs -> all_node_defs