Bug 1493253 follow up - Set CSP for crash table iframe

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 3d7daed3e9066e6fa0f2f87c405aabdbcc612f05..29b7174f44827c1b52b7a683d24ab8116a0f55f5 100644 (file)
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -39,7 +39,10 @@ sub DEFAULT_CSP {
     default_src => ['self'],
     script_src =>
       ['self', 'nonce', 'unsafe-inline', 'https://www.google-analytics.com'],
-    frame_src   => ['none',],
+    frame_src   => [
+      # This is for extensions/BMO/web/js/firefox-crash-table.js
+      'https://crash-stop-addon.herokuapp.com',
+    ],
     worker_src  => ['none',],
     img_src     => ['self', 'blob:', 'https://secure.gravatar.com'],
     style_src   => ['self', 'unsafe-inline'],
@@ -98,7 +101,12 @@ sub SHOW_BUG_MODAL_CSP {
       # This is from extensions/OrangeFactor/web/js/orange_factor.js
       'https://treeherder.mozilla.org/api/failurecount/',
     ],
-    frame_src  => ['self',],
+    frame_src  => [
+      'self',
+
+      # This is for extensions/BMO/web/js/firefox-crash-table.js
+      'https://crash-stop-addon.herokuapp.com',
+    ],
     worker_src => ['none',],
   );
   if (use_attachbase() && $bug_id) {