From 1edca1e4c5b95ee12555beefa239bffb638c45e4 Mon Sep 17 00:00:00 2001 From: Martin-Belton-gov Date: Thu, 1 Feb 2024 16:07:44 +0000 Subject: [PATCH 1/5] Updated grafana.ini --- grafana-files/grafana.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-files/grafana.ini b/grafana-files/grafana.ini index 2967fdf..4ff6d84 100644 --- a/grafana-files/grafana.ini +++ b/grafana-files/grafana.ini @@ -366,7 +366,7 @@ content_security_policy = true # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. # $NONCE in the template includes a random nonce. # $ROOT_PATH is server.root_url without the protocol. -content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' grafana.com ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" +content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' localhost:3000/,20.107.65.156.nip.io:3000/grafana,dev.develop-child-family-social-work-career.education.gov.uk:3000/grafana,test.develop-child-family-social-work-career.education.gov.uk:3000/grafana,pre-prod.develop-child-family-social-work-career.education.gov.uk:3000/grafana,develop-child-family-social-work-career.education.gov.uk:3000/grafana,www.dev.develop-child-family-social-work-career.education.gov.uk:3000/grafana,www.test.develop-child-family-social-work-career.education.gov.uk:3000/grafana,www.pre-prod.develop-child-family-social-work-career.education.gov.uk:3000/grafana,www.develop-child-family-social-work-career.education.gov.uk:3000/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" # Enable adding the Content-Security-Policy-Report-Only header to your requests. # Allows you to monitor the effects of a policy without enforcing it. From 0e736151a0fb828783d8b27aed59567fae30a198 Mon Sep 17 00:00:00 2001 From: Martin-Belton-gov Date: Thu, 1 Feb 2024 16:12:52 +0000 Subject: [PATCH 2/5] replaced comma with space --- grafana-files/grafana.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-files/grafana.ini b/grafana-files/grafana.ini index 4ff6d84..287b6c1 100644 --- a/grafana-files/grafana.ini +++ b/grafana-files/grafana.ini @@ -366,7 +366,7 @@ content_security_policy = true # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. # $NONCE in the template includes a random nonce. # $ROOT_PATH is server.root_url without the protocol. -content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' localhost:3000/,20.107.65.156.nip.io:3000/grafana,dev.develop-child-family-social-work-career.education.gov.uk:3000/grafana,test.develop-child-family-social-work-career.education.gov.uk:3000/grafana,pre-prod.develop-child-family-social-work-career.education.gov.uk:3000/grafana,develop-child-family-social-work-career.education.gov.uk:3000/grafana,www.dev.develop-child-family-social-work-career.education.gov.uk:3000/grafana,www.test.develop-child-family-social-work-career.education.gov.uk:3000/grafana,www.pre-prod.develop-child-family-social-work-career.education.gov.uk:3000/grafana,www.develop-child-family-social-work-career.education.gov.uk:3000/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" +content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' localhost:3000/ 20.107.65.156.nip.io:3000/grafana dev.develop-child-family-social-work-career.education.gov.uk:3000/grafana test.develop-child-family-social-work-career.education.gov.uk:3000/grafana pre-prod.develop-child-family-social-work-career.education.gov.uk:3000/grafana develop-child-family-social-work-career.education.gov.uk:3000/grafana www.dev.develop-child-family-social-work-career.education.gov.uk:3000/grafana www.test.develop-child-family-social-work-career.education.gov.uk:3000/grafana www.pre-prod.develop-child-family-social-work-career.education.gov.uk:3000/grafana www.develop-child-family-social-work-career.education.gov.uk:3000/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" # Enable adding the Content-Security-Policy-Report-Only header to your requests. # Allows you to monitor the effects of a policy without enforcing it. From 5b54370da218effd3ae813ec053f03d035c9cd23 Mon Sep 17 00:00:00 2001 From: Martin-Belton-gov Date: Thu, 1 Feb 2024 16:17:27 +0000 Subject: [PATCH 3/5] Modified content_security_policy_template --- grafana-files/grafana.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-files/grafana.ini b/grafana-files/grafana.ini index 287b6c1..7b17aa0 100644 --- a/grafana-files/grafana.ini +++ b/grafana-files/grafana.ini @@ -366,7 +366,7 @@ content_security_policy = true # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. # $NONCE in the template includes a random nonce. # $ROOT_PATH is server.root_url without the protocol. -content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' localhost:3000/ 20.107.65.156.nip.io:3000/grafana dev.develop-child-family-social-work-career.education.gov.uk:3000/grafana test.develop-child-family-social-work-career.education.gov.uk:3000/grafana pre-prod.develop-child-family-social-work-career.education.gov.uk:3000/grafana develop-child-family-social-work-career.education.gov.uk:3000/grafana www.dev.develop-child-family-social-work-career.education.gov.uk:3000/grafana www.test.develop-child-family-social-work-career.education.gov.uk:3000/grafana www.pre-prod.develop-child-family-social-work-career.education.gov.uk:3000/grafana www.develop-child-family-social-work-career.education.gov.uk:3000/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" +content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' localhost 20.107.65.156.nip.io/grafana dev.develop-child-family-social-work-career.education.gov.uk/grafana test.develop-child-family-social-work-career.education.gov.uk/grafana pre-prod.develop-child-family-social-work-career.education.gov.uk/grafana develop-child-family-social-work-career.education.gov.uk/grafana www.dev.develop-child-family-social-work-career.education.gov.uk/grafana www.test.develop-child-family-social-work-career.education.gov.uk/grafana www.pre-prod.develop-child-family-social-work-career.education.gov.uk/grafana www.develop-child-family-social-work-career.education.gov.uk/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" # Enable adding the Content-Security-Policy-Report-Only header to your requests. # Allows you to monitor the effects of a policy without enforcing it. From ff7259acadba313aaf5ff34447315fa09fe70acb Mon Sep 17 00:00:00 2001 From: Martin-Belton-gov Date: Thu, 1 Feb 2024 16:54:30 +0000 Subject: [PATCH 4/5] Updated the version number --- .github/workflows/dockerpublish.yml | 2 +- .github/workflows/publish-ghcr.yml | 2 +- dfe-azurecostbackend-datasource/package.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/dockerpublish.yml b/.github/workflows/dockerpublish.yml index e49c212..547feb2 100644 --- a/.github/workflows/dockerpublish.yml +++ b/.github/workflows/dockerpublish.yml @@ -16,7 +16,7 @@ env: # github.repository as / IMAGE_NAME: ${{ github.repository }} RELEASE_TAG: ${{ github.event.release.tag_name }} - PLUGIN_VERSION: 1.0.10 + PLUGIN_VERSION: 1.0.11 jobs: build: diff --git a/.github/workflows/publish-ghcr.yml b/.github/workflows/publish-ghcr.yml index b67b2ac..6c764f1 100644 --- a/.github/workflows/publish-ghcr.yml +++ b/.github/workflows/publish-ghcr.yml @@ -11,7 +11,7 @@ env: # github.repository as / IMAGE_NAME: ${{ github.repository }} RELEASE_TAG: ${{ github.event.release.tag_name }} - PLUGIN_VERSION: 1.0.10 + PLUGIN_VERSION: 1.0.11 jobs: build-and-push: diff --git a/dfe-azurecostbackend-datasource/package.json b/dfe-azurecostbackend-datasource/package.json index 7588600..f8dd7f0 100644 --- a/dfe-azurecostbackend-datasource/package.json +++ b/dfe-azurecostbackend-datasource/package.json @@ -1,7 +1,7 @@ { "id": "1", "name": "azurecost-backend", - "version": "1.0.10", + "version": "1.0.11", "description": "Azure cost backend", "scripts": { "build": "webpack -c ./.config/webpack/webpack.config.ts --env production", From 57e508d03074c8e036c732ac7b277895be992a73 Mon Sep 17 00:00:00 2001 From: Martin-Belton-gov Date: Thu, 1 Feb 2024 17:07:05 +0000 Subject: [PATCH 5/5] Modified content_security_policy_template URLs --- grafana-files/grafana.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grafana-files/grafana.ini b/grafana-files/grafana.ini index 7b17aa0..b2343d4 100644 --- a/grafana-files/grafana.ini +++ b/grafana-files/grafana.ini @@ -366,7 +366,7 @@ content_security_policy = true # Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. # $NONCE in the template includes a random nonce. # $ROOT_PATH is server.root_url without the protocol. -content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' localhost 20.107.65.156.nip.io/grafana dev.develop-child-family-social-work-career.education.gov.uk/grafana test.develop-child-family-social-work-career.education.gov.uk/grafana pre-prod.develop-child-family-social-work-career.education.gov.uk/grafana develop-child-family-social-work-career.education.gov.uk/grafana www.dev.develop-child-family-social-work-career.education.gov.uk/grafana www.test.develop-child-family-social-work-career.education.gov.uk/grafana www.pre-prod.develop-child-family-social-work-career.education.gov.uk/grafana www.develop-child-family-social-work-career.education.gov.uk/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" +content_security_policy_template = """script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri 'self';connect-src 'self' 20.107.65.156.nip.io/grafana dev.develop-child-family-social-work-career.education.gov.uk/grafana test.develop-child-family-social-work-career.education.gov.uk/grafana pre-prod.develop-child-family-social-work-career.education.gov.uk/grafana develop-child-family-social-work-career.education.gov.uk/grafana www.develop-child-family-social-work-career.education.gov.uk/grafana ws://$ROOT_PATH wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';""" # Enable adding the Content-Security-Policy-Report-Only header to your requests. # Allows you to monitor the effects of a policy without enforcing it.