Fix CSP issues in production
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
parent
c596d7e478
commit
e933004daf
|
|
@ -37,5 +37,6 @@ new Vue({
|
|||
el: "#app",
|
||||
template: "<App/>",
|
||||
components: { App },
|
||||
render: (h) => h(App),
|
||||
i18n,
|
||||
});
|
||||
|
|
|
|||
|
|
@ -1,10 +1,8 @@
|
|||
const path = require("path");
|
||||
const ForkTsCheckerWebpackPlugin = require("fork-ts-checker-webpack-plugin");
|
||||
const webpack = require("webpack");
|
||||
|
||||
module.exports = {
|
||||
runtimeCompiler: true,
|
||||
filenameHashing: true,
|
||||
productionSourceMap: false,
|
||||
outputDir: path.resolve(__dirname, "../priv/static"),
|
||||
configureWebpack: (config) => {
|
||||
// Limit the used memory when building
|
||||
|
|
@ -26,6 +24,12 @@ module.exports = {
|
|||
forkTsCheckerOptions.memoryLimit = process.env.NODE_BUILD_MEMORY || 2048;
|
||||
|
||||
config.plugins.push(new ForkTsCheckerWebpackPlugin(forkTsCheckerOptions));
|
||||
config.plugins.push(
|
||||
new webpack.DefinePlugin({
|
||||
global: "window", // Placeholder for global used in any node_modules
|
||||
})
|
||||
);
|
||||
config.node.global = false;
|
||||
},
|
||||
chainWebpack: (config) => {
|
||||
// remove the prefetch plugin
|
||||
|
|
|
|||
|
|
@ -12399,9 +12399,9 @@ vue-resize@^1.0.0:
|
|||
integrity sha512-SkIi19neeJClapYavfmHiewFZkkTfITVWskg/dIL8b1Eb+RlvnCb8fjGUwLjQJmsw2qsRiiAo4o7BAJVM4pcOA==
|
||||
|
||||
vue-router@^3.1.6:
|
||||
version "3.5.0"
|
||||
resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-3.5.0.tgz#ae49da16a2939f8d28d66d5784b14167d661192f"
|
||||
integrity sha512-QYrPzHMJiJCq20ezhlGok+NbrmjzhQDG6pnpJaD14Eg3NvT07s3acYz2ktxJ7vGHd/Ts4TgG9Tt8a2PA+Js5fw==
|
||||
version "3.5.1"
|
||||
resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-3.5.1.tgz#edf3cf4907952d1e0583e079237220c5ff6eb6c9"
|
||||
integrity sha512-RRQNLT8Mzr8z7eL4p7BtKvRaTSGdCbTy2+Mm5HTJvLGYSSeG9gDzNasJPP/yOYKLy+/cLG/ftrqq5fvkFwBJEw==
|
||||
|
||||
vue-scrollto@^2.17.1:
|
||||
version "2.20.0"
|
||||
|
|
|
|||
|
|
@ -60,19 +60,14 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
|
|||
if Config.get(:env) == :dev do
|
||||
"script-src 'self' 'unsafe-eval' 'unsafe-inline' "
|
||||
else
|
||||
"script-src 'self' "
|
||||
"script-src 'self' 'unsafe-eval' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' "
|
||||
end
|
||||
|
||||
script_src = [script_src] ++ Config.get([:http_security, :csp_policy, :script_src])
|
||||
|
||||
style_src =
|
||||
if Config.get(:env) == :dev do
|
||||
"style-src 'self' 'unsafe-inline' "
|
||||
else
|
||||
"style-src 'self' "
|
||||
end
|
||||
|
||||
style_src = [style_src] ++ Config.get([:http_security, :csp_policy, :style_src])
|
||||
["style-src 'self' 'unsafe-inline' "] ++
|
||||
Config.get([:http_security, :csp_policy, :style_src])
|
||||
|
||||
font_src = ["font-src 'self' "] ++ Config.get([:http_security, :csp_policy, :font_src])
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue