potsda.mn/mobilizon
10
4
Fork 1
Code Issues 22 Pull requests 1 Projects Releases Wiki Activity

Fix CSP issues in production

Browse source 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-01-26 16:39:50 +01:00
parent c596d7e478
commit e933004daf
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
4 changed files with 14 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
js/src/main.ts
View file

@ -37,5 +37,6 @@ new Vue({
el: "#app", el: "#app",
template: "<App/>", template: "<App/>",
components: { App }, components: { App },
render: (h) => h(App),
i18n, i18n,
}); });

10
js/vue.config.js
View file

@ -1,10 +1,8 @@
const path = require("path"); const path = require("path");
const ForkTsCheckerWebpackPlugin = require("fork-ts-checker-webpack-plugin"); const ForkTsCheckerWebpackPlugin = require("fork-ts-checker-webpack-plugin");
const webpack = require("webpack");
module.exports = { module.exports = {
runtimeCompiler: true,
filenameHashing: true,
productionSourceMap: false,
outputDir: path.resolve(__dirname, "../priv/static"), outputDir: path.resolve(__dirname, "../priv/static"),
configureWebpack: (config) => { configureWebpack: (config) => {
// Limit the used memory when building // Limit the used memory when building
@ -26,6 +24,12 @@ module.exports = {
forkTsCheckerOptions.memoryLimit = process.env.NODE_BUILD_MEMORY || 2048; forkTsCheckerOptions.memoryLimit = process.env.NODE_BUILD_MEMORY || 2048;
config.plugins.push(new ForkTsCheckerWebpackPlugin(forkTsCheckerOptions)); config.plugins.push(new ForkTsCheckerWebpackPlugin(forkTsCheckerOptions));
config.plugins.push(
new webpack.DefinePlugin({
global: "window", // Placeholder for global used in any node_modules
})
);
config.node.global = false;
}, },
chainWebpack: (config) => { chainWebpack: (config) => {
// remove the prefetch plugin // remove the prefetch plugin

6
js/yarn.lock
View file

@ -12399,9 +12399,9 @@ vue-resize@^1.0.0:
integrity sha512-SkIi19neeJClapYavfmHiewFZkkTfITVWskg/dIL8b1Eb+RlvnCb8fjGUwLjQJmsw2qsRiiAo4o7BAJVM4pcOA== integrity sha512-SkIi19neeJClapYavfmHiewFZkkTfITVWskg/dIL8b1Eb+RlvnCb8fjGUwLjQJmsw2qsRiiAo4o7BAJVM4pcOA==
vue-router@^3.1.6: vue-router@^3.1.6:
version "3.5.0" version "3.5.1"
resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-3.5.0.tgz#ae49da16a2939f8d28d66d5784b14167d661192f" resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-3.5.1.tgz#edf3cf4907952d1e0583e079237220c5ff6eb6c9"
integrity sha512-QYrPzHMJiJCq20ezhlGok+NbrmjzhQDG6pnpJaD14Eg3NvT07s3acYz2ktxJ7vGHd/Ts4TgG9Tt8a2PA+Js5fw== integrity sha512-RRQNLT8Mzr8z7eL4p7BtKvRaTSGdCbTy2+Mm5HTJvLGYSSeG9gDzNasJPP/yOYKLy+/cLG/ftrqq5fvkFwBJEw==
vue-scrollto@^2.17.1: vue-scrollto@^2.17.1:
version "2.20.0" version "2.20.0"

11
lib/web/plugs/http_security_plug.ex
View file

@ -60,19 +60,14 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
if Config.get(:env) == :dev do if Config.get(:env) == :dev do
"script-src 'self' 'unsafe-eval' 'unsafe-inline' " "script-src 'self' 'unsafe-eval' 'unsafe-inline' "
else else
"script-src 'self' " "script-src 'self' 'unsafe-eval' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' "
end end
script_src = [script_src] ++ Config.get([:http_security, :csp_policy, :script_src]) script_src = [script_src] ++ Config.get([:http_security, :csp_policy, :script_src])
style_src = style_src =
if Config.get(:env) == :dev do ["style-src 'self' 'unsafe-inline' "] ++
"style-src 'self' 'unsafe-inline' " Config.get([:http_security, :csp_policy, :style_src])
else
"style-src 'self' "
end
style_src = [style_src] ++ Config.get([:http_security, :csp_policy, :style_src])
font_src = ["font-src 'self' "] ++ Config.get([:http_security, :csp_policy, :font_src]) font_src = ["font-src 'self' "] ++ Config.get([:http_security, :csp_policy, :font_src])