Fix WhiteNoise issues

tests/test_middleware.py

@@ -5,7 +5,7 @@ import pytest
 from treeherder.middleware import CustomWhiteNoise
 
 URLS_IMMUTABLE = [
-    # Assets generated by Neutrino.
+    # Assets generated by Yarn.
     '/assets/2.379789df.css',
     '/assets/dancing_cat.fa5552a5.gif',
     '/assets/fontawesome-webfont.af7ae505.woff2',
@@ -24,7 +24,7 @@ URLS_NOT_IMMUTABLE = [
     '/revision.txt',
     '/tree_open.png',
     '/docs/schema.js',
-    # The unhashed Neutrino/webpack output if using `yarn build --mode development`.
+    # The unhashed Yarn/webpack output if using `yarn build --mode development`.
     '/assets/runtime.js',
     '/assets/vendors~index.js',
     # The unhashed Django static asset originals (used in development).

treeherder/config/settings.py

@@ -9,6 +9,7 @@ from furl import furl
 from kombu import Exchange, Queue
 
 from treeherder.config.utils import connection_should_use_tls
+from treeherder.middleware import add_headers_function
 
 # TODO: Switch to pathlib once using Python 3.
 SRC_DIR = dirname(dirname(dirname(abspath(__file__))))
@@ -409,6 +410,8 @@ WHITENOISE_INDEX_FILE = True
 # Only output the hashed filename version of static files and not the originals.
 # Halves the time spent performing Brotli/gzip compression during deploys.
 WHITENOISE_KEEP_ONLY_HASHED_FILES = True
+# Add a `Content-Security-Policy` header to all static file responses.
+WHITENOISE_ADD_HEADERS_FUNCTION = add_headers_function
 
 # Templating
 TEMPLATES = [

treeherder/middleware.py

@@ -1,7 +1,6 @@
 import re
 
 import newrelic.agent
-from django.urls import reverse
 from django.utils.deprecation import MiddlewareMixin
 from whitenoise.middleware import WhiteNoiseMiddleware
 
@@ -22,37 +21,39 @@ CSP_DIRECTIVES = [
     "connect-src 'self' https://community-tc.services.mozilla.com https://firefox-ci-tc.services.mozilla.com https://*.taskcluster-artifacts.net https://taskcluster-artifacts.net https://treestatus.mozilla-releng.net https://bugzilla.mozilla.org https://auth.mozilla.auth0.com https://stage.taskcluster.nonprod.cloudops.mozgcp.net https://insights-api.newrelic.com https://prototype.treeherder.nonprod.cloudops.mozgcp.net https://treeherder.allizom.org",
     # Required since auth0-js performs session renewals in an iframe.
     "frame-src 'self' https://auth.mozilla.auth0.com",
-    "report-uri {}".format(reverse('csp-report')),
 ]
-CSP_HEADER = '; '.join(CSP_DIRECTIVES)
+
+
+def add_headers_function(headers, path, url):
+    """
+    This allows custom headers be be added to static assets responses.
+    NB: It does not affect dynamically generated Django views/templates,
+    such as API responses, or the browse-able API/auto-generated docs,
+    since they are not served by the WhiteNoise middleware.
+    """
+    from django.urls import reverse
+
+    CSP_DIRECTIVES.append("report-uri {}".format(reverse('csp-report')))
+    CSP_HEADER = '; '.join(CSP_DIRECTIVES)
+    headers['Content-Security-Policy'] = CSP_HEADER
 
 
 class CustomWhiteNoise(WhiteNoiseMiddleware):
     """
-    Extends WhiteNoiseMiddleware with two additional features:
-    1) Adds a `Content-Security-Policy` header to all static file responses.
-    2) Allows WhiteNoise to recognise Neutrino-generated hashed filenames as "immutable",
-       so that WhiteNoise will then set long Cache-Control max-age headers for them.
+    Extends WhiteNoiseMiddleware to allow WhiteNoise to recognise Yarn-generated
+    hashed filenames as "immutable", so that WhiteNoise will then set long
+    Cache-Control max-age headers for them.
 
     For the stock functionality provided by WhiteNoiseMiddleware see:
     https://whitenoise.readthedocs.io/
     """
 
-    # Matches Neutrino's style of hashed filename URLs, eg:
+    # Matches Yarn's style of hashed filename URLs, eg:
     #   /assets/index.1d85033a.js
     #   /assets/2.379789df.css.map
     #   /assets/fontawesome-webfont.af7ae505.woff2
     IMMUTABLE_FILE_RE = re.compile(r'^/assets/.*\.[a-f0-9]{8}\..*')
 
-    def add_headers_function(self, headers, path, url):
-        """
-        This allows custom headers be be added to static assets responses.
-        NB: It does not affect dynamically generated Django views/templates,
-        such as API responses, or the browse-able API/auto-generated docs,
-        since they are not served by the WhiteNoise middleware.
-        """
-        headers['Content-Security-Policy'] = CSP_HEADER
-
     def immutable_file_test(self, path, url):
         """
         Determines whether the given URL represents an immutable file (i.e. a file with a