Bug 1613265 - More CSP and url changes for taskcluster-staging (#6071)

* Add more domains to CSP and remove taskcluster.net for legacy support
* Add checkRootUrls for a few I missed

treeherder/middleware.py

@@ -19,7 +19,7 @@ CSP_DIRECTIVES = [
     "font-src 'self' https://fonts.gstatic.com",
     # The `data:` is required for images that were inlined by webpack's url-loader (as an optimisation).
     "img-src 'self' data:",
-    "connect-src 'self' https://community-tc.services.mozilla.com https://firefox-ci-tc.services.mozilla.com https://*.taskcluster-artifacts.net https://taskcluster-artifacts.net https://*.taskcluster.net https://treestatus.mozilla-releng.net https://bugzilla.mozilla.org https://auth.mozilla.auth0.com https://stage.taskcluster.nonprod.cloudops.mozgcp.net/",
+    "connect-src 'self' https://community-tc.services.mozilla.com https://firefox-ci-tc.services.mozilla.com https://*.taskcluster-artifacts.net https://taskcluster-artifacts.net https://treestatus.mozilla-releng.net https://bugzilla.mozilla.org https://auth.mozilla.auth0.com https://stage.taskcluster.nonprod.cloudops.mozgcp.net/ https://artifacts.tcstage.mozaws.net/ https://*.artifacts.tcstage.mozaws.net/",
     # Required since auth0-js performs session renewals in an iframe.
     "frame-src 'self' https://auth.mozilla.auth0.com",
     "report-uri {}".format(reverse('csp-report')),

ui/job-view/CustomJobActions.jsx

@@ -27,6 +27,7 @@ import { faCheckSquare } from '@fortawesome/free-regular-svg-icons';
 import { formatTaskclusterError } from '../helpers/errorMessage';
 import TaskclusterModel from '../models/taskcluster';
 import DropdownMenuItems from '../shared/DropdownMenuItems';
+import { checkRootUrl } from '../taskcluster-auth-callback/constants';
 
 import { notify } from './redux/stores/notifications';
 
@@ -158,7 +159,10 @@ class CustomJobActions extends React.PureComponent {
       taskId => {
         this.setState({ triggering: false });
         let message = 'Custom action request sent successfully:';
-        let url = tcLibUrls.ui(currentRepo.tc_root_url, `/tasks/${taskId}`);
+        let url = tcLibUrls.ui(
+          checkRootUrl(currentRepo.tc_root_url),
+          `/tasks/${taskId}`,
+        );
 
         // For the time being, we are redirecting specific actions to
         // specific urls that are different than usual. At this time, we are

ui/job-view/details/summary/ActionBar.jsx

@@ -33,6 +33,7 @@ import CustomJobActions from '../../CustomJobActions';
 import { notify } from '../../redux/stores/notifications';
 import { pinJob } from '../../redux/stores/pinnedJobs';
 import { getAction } from '../../../helpers/taskcluster';
+import { checkRootUrl } from '../../../taskcluster-auth-callback/constants';
 
 import LogUrls from './LogUrls';
 
@@ -550,7 +551,7 @@ class ActionBar extends React.PureComponent {
                         className="pl-4"
                         href={getInspectTaskUrl(
                           selectedJobFull.task_id,
-                          currentRepo.tc_root_url,
+                          checkRootUrl(currentRepo.tc_root_url),
                           selectedJobFull.submit_timestamp,
                         )}
                       >

ui/models/taskcluster.js

@@ -4,6 +4,7 @@ import { Auth, Hooks } from 'taskcluster-client-web';
 import { satisfiesExpression } from 'taskcluster-lib-scopes';
 
 import taskcluster, { tcCredentialsMessage } from '../helpers/taskcluster';
+import { checkRootUrl } from '../taskcluster-auth-callback/constants';
 
 export default class TaskclusterModel {
   static taskInContext(tagSetList, taskTags) {
@@ -34,8 +35,8 @@ export default class TaskclusterModel {
       },
       staticActionVariables,
     );
-
-    const queue = taskcluster.getQueue(currentRepo.tc_root_url, testMode);
+    const rootUrl = checkRootUrl(currentRepo.tc_root_url);
+    const queue = taskcluster.getQueue(rootUrl, testMode);
 
     if (action.kind === 'task') {
       context.task = task;
@@ -52,7 +53,7 @@ export default class TaskclusterModel {
     if (action.kind === 'hook') {
       const hookPayload = jsone(action.hookPayload, context);
       const { hookId, hookGroupId } = action;
-      const auth = new Auth({ rootUrl: currentRepo.tc_root_url });
+      const auth = new Auth({ rootUrl });
 
       const userCredentials = testMode
         ? taskcluster.getMockCredentials()
@@ -61,7 +62,7 @@ export default class TaskclusterModel {
         throw new Error(tcCredentialsMessage);
       }
       const hooks = new Hooks({
-        rootUrl: currentRepo.tc_root_url,
+        rootUrl,
         credentials: userCredentials.credentials,
       });
       const decisionTask = await queue.task(decisionTaskId);
@@ -86,8 +87,8 @@ export default class TaskclusterModel {
     if (!decisionTaskID) {
       throw Error("No decision task, can't find taskcluster actions");
     }
-
-    const queue = taskcluster.getQueue(currentRepo.tc_root_url, testMode);
+    const rootUrl = checkRootUrl(currentRepo.tc_root_url);
+    const queue = taskcluster.getQueue(rootUrl, testMode);
     const actionsUrl = queue.buildUrl(
       queue.getLatestArtifact,
       decisionTaskID,
@@ -99,7 +100,7 @@ export default class TaskclusterModel {
     let originalTaskPromise = Promise.resolve(null);
     if (job) {
       originalTaskId = job.task_id;
-      const queue = taskcluster.getQueue(currentRepo.tc_root_url, testMode);
+      const queue = taskcluster.getQueue(rootUrl, testMode);
       originalTaskPromise = queue.task(originalTaskId);
     }
 

ui/shared/JobInfo.jsx

@@ -4,6 +4,7 @@ import PropTypes from 'prop-types';
 import { getInspectTaskUrl } from '../helpers/url';
 import { getJobSearchStrHref } from '../helpers/job';
 import { toDateStr } from '../helpers/display';
+import { checkRootUrl } from '../taskcluster-auth-callback/constants';
 
 import Clipboard from './Clipboard';
 
@@ -82,7 +83,7 @@ export default class JobInfo extends React.PureComponent {
               id="taskInfo"
               href={getInspectTaskUrl(
                 taskId,
-                currentRepo.tc_root_url,
+                checkRootUrl(currentRepo.tc_root_url),
                 submitTimestamp,
               )}
               target="_blank"