Sets up scripts to place pseudo nonces to be transformed by revproxy. #787

Merged (5 commits) on Oct 9, 2024

@timcosgrove timcosgrove commented Oct 8, 2024

Description

Adds nonce placeholders which will be substituted by the reverse proxy.

Ticket

#789

Developer Task


Testing Steps

You will need to set up a reverse proxy Preview server tunnel, using the preview instance from this PR: https://github.com/department-of-veterans-affairs/vsp-platform-revproxy/pull/687

Confirm that a Staging Content release has gone out with this code:

  1. Visit https://main-medc0xjkxm4jmpzxl3tfbcs7qcddsivh.ci.cms.va.gov/admin/config/system/feature_toggle and make sure the Event & Event Listing feature flags are enabled.
  2. Run a Content Release: Staging run, with this branch tcosgrove_nonce selected rather than main: https://github.com/department-of-veterans-affairs/next-build/actions/workflows/content-release-staging.yml

Then, run through these steps:

  1. Open the web inspector on your browser, and have the console open and ready.
  2. Visit https://staging.va.gov/outreach-and-events/events/. Confirm that you are tunneling through the Preview reverse proxy instance.
  3. Confirm in the response headers that you are seeing Next Build content.
  4. Confirm that you do not see any errors in the console indicating that Content Security Policy is preventing scripts from loading.
  5. Confirm that the page is loading fully as expected, including the header & footer.
  6. View source (not with the web inspector; actual source), and search for ssgManifest.js. For the script tag where that is loaded, you should see a nonce included in the script tag, something like the following:
<script src="/_next/static/vagovprod/_ssgManifest.js" defer="" nonce="cizixRUsiHF42ScikEQvnlNficBfj3Mr"></script>

Do the above steps again for any individual event page.
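
A scripted version of steps 4 and 6, added here as an example and not part of this PR or the next-build code base: it checks that every script tag in a page's source carries a nonce that the response's Content-Security-Policy header allows, so a missing nonce or an unsubstituted placeholder shows up as a finding. It assumes the proxy also sends a nonce-based CSP header; the sample header, the `/a.js` tag and the `HYPOTHETICAL_PLACEHOLDER` value are constructed, since the page does not show the real placeholder format or the site's policy.

```javascript
// Added example; the header and HTML below are constructed sample inputs.
const SAMPLE_CSP =
  "default-src 'self'; script-src 'self' 'nonce-cizixRUsiHF42ScikEQvnlNficBfj3Mr'";
const SAMPLE_HTML = `
<script src="/_next/static/vagovprod/_ssgManifest.js" defer="" nonce="cizixRUsiHF42ScikEQvnlNficBfj3Mr"></script>
<script src="/a.js" nonce="HYPOTHETICAL_PLACEHOLDER"></script>
<script>window.x = 1</script>`;

// Collect the nonces the policy allows for <script> elements. Per CSP, the
// first occurrence of a directive wins, and script-src-elem falls back to
// script-src, then default-src.
function cspScriptNonces(cspHeader) {
  const directives = new Map();
  for (const part of cspHeader.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, values);
  }
  const sources = directives.get('script-src-elem') ??
    directives.get('script-src') ?? directives.get('default-src') ?? [];
  const nonces = new Set();
  for (const source of sources) {
    const m = /^'nonce-([A-Za-z0-9+\/_-]+={0,2})'$/.exec(source);
    if (m) nonces.add(m[1]);
  }
  return nonces;
}

// Return every <script> tag whose nonce is missing or not allowed by the
// header. Regex scanning is enough for view-source text; it is not a full
// HTML parser (attribute values containing ">" would confuse it).
function checkScriptNonces(html, cspHeader) {
  const allowed = cspScriptNonces(cspHeader);
  const problems = [];
  for (const [tag, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const m = /(?:^|\s)nonce\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(attrs);
    const nonce = m ? (m[1] ?? m[2]) : null;
    if (nonce === null) problems.push({ tag, reason: 'missing nonce' });
    else if (!allowed.has(nonce)) problems.push({ tag, reason: 'nonce not in CSP header' });
  }
  return problems;
}

console.log(checkScriptNonces(SAMPLE_HTML, SAMPLE_CSP));
```

When run against a live page, the HTML and the header must come from the same response, because a nonce is only valid for the response it was issued with.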

@va-cms-bot va-cms-bot temporarily deployed to Tugboat October 8, 2024 03:34 Destroyed
@@ -17,7 +17,7 @@ type AppPropsWithLayout = AppProps & {

export function reportWebVitals(metric: object) {
// eslint-disable-next-line no-console
console.log(metric)
// console.log(metric)
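
Review bot: In `reportWebVitals`, the `// eslint-disable-next-line no-console` directive is left above a line that is now only the comment `// console.log(metric)`, so it suppresses nothing and the function body is empty with `metric` unused. Rather than commenting the call out, delete the directive and the commented line together, or remove the function if web vitals are no longer reported. The change is also unrelated to the nonce placeholders this PR is about, so it would be easier to review as its own commit.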
Contributor Author


This is very old and should probably be removed.

mreed101 previously approved these changes Oct 8, 2024
@va-cms-bot va-cms-bot temporarily deployed to Tugboat October 8, 2024 15:09 Destroyed
@va-cms-bot va-cms-bot temporarily deployed to Tugboat October 8, 2024 19:24 Destroyed
@va-cms-bot va-cms-bot temporarily deployed to Tugboat October 8, 2024 21:17 Destroyed
@timcosgrove timcosgrove merged commit 556ddcf into main Oct 9, 2024
10 checks passed
@timcosgrove timcosgrove deleted the tcosgrove_nonce branch October 9, 2024 15:31