Bug in CelerityStaticResourceResponse

Observed Behavior:
Stratcom determines a page is not frameable.

Expected Behavior:
Stratcom detemines the page is frameable.

Phabricator Version:
Latest stable

Reproduction Steps:
From lines 268-273 in src/applications/celerity/CelerityStaticResourceResponse.php:

    if ($is_frameable) {
      $initializers[] = array(
        'data' => 'frameable',
        'kind' => (bool)$is_frameable,

The kind and data labels need to be switched (as can be verified by comparing to other initializers)

This is obviously a bug, but I have no idea how to follow the reproduction steps to reproduce it or verify that it is fixed.

We added our site domain to the frame-ancestors CSP in AphrontResponse

$csp[] = "frame-ancestors 'self' https://*.mycompany.io";

and marked the PhabricatorProjectBoardViewController:


(This allows us to embed the project boards in other applications running in our own domain).

However, the frame-busting Javascript still triggered

as the HTML document contains the following:

<data data-javelin-init-kind="1" data-javelin-init-data="{&quot;frameable&quot;}"></data>

(or similar, am no longer at work)

After switching data and kind the JS no longer triggers.

Please let me know if you need any further reproduction instructions in order to make this fix.

Would you like me to send you a diff for this?

Here is a diff that anyone can apply to their installation to fix this behaviour if they need it:

--- src/applications/celerity/CelerityStaticResourceResponse.php        2018-06-06 14:55:04.551977496 +0100
+++ ../../thought-machine/phabricator/src/applications/celerity/CelerityStaticResourceResponse.php      2019-01-08 12:34:38.394703095 +0000
@@ -267,8 +267,10 @@
     if ($is_frameable) {
       $initializers[] = array(
-        'data' => 'frameable',
-        'kind' => (bool)$is_frameable,
+        'kind' => 'frameable',
+        'data' => (bool)$is_frameable,