Fix CSP issues in production

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Thomas Citharel 2021-01-26 16:39:50 +01:00
parent c596d7e478
commit e933004daf
No known key found for this signature in database
GPG key ID: A061B9DDE0CA0773
4 changed files with 14 additions and 14 deletions


@ -37,5 +37,6 @@ new Vue({
el: "#app",
template: "<App/>",
components: { App },
render: (h) => h(App),
i18n,
});
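Review bot: `template: "<App/>"` and `components: { App }` are left beside `render: (h) => h(App)` (which looks like the added line, though the +/- markers are lost in this rendering). Vue 2 ignores `template` when a `render` function is present, so both options are dead. Keeping them hides that the root instance no longer needs the runtime template compiler, the usual reason a Vue build requires `'unsafe-eval'` in `script-src`. I would drop the two lines so the options read `el: "#app", render: (h) => h(App), i18n,`. The `new Vue({` call opens above the hunk.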


@ -1,10 +1,8 @@
const path = require("path");
const ForkTsCheckerWebpackPlugin = require("fork-ts-checker-webpack-plugin");
const webpack = require("webpack");
module.exports = {
runtimeCompiler: true,
filenameHashing: true,
productionSourceMap: false,
outputDir: path.resolve(__dirname, "../priv/static"),
configureWebpack: (config) => {
// Limit the used memory when building
@ -26,6 +24,12 @@ module.exports = {
forkTsCheckerOptions.memoryLimit = process.env.NODE_BUILD_MEMORY || 2048;
config.plugins.push(new ForkTsCheckerWebpackPlugin(forkTsCheckerOptions));
config.plugins.push(
new webpack.DefinePlugin({
global: "window", // Placeholder for global used in any node_modules
})
);
config.node.global = false;
},
chainWebpack: (config) => {
// remove the prefetch plugin
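Review bot: The comment on `global: "window"` does not say why the shim is replaced, so `config.node.global = false` looks arbitrary to the next maintainer. The likely reason is CSP: webpack's built-in `global` polyfill falls back to `new Function("return this")()`, which a `script-src` without `'unsafe-eval'` blocks and reports. I would put that above the `DefinePlugin` call, e.g. `// webpack's global polyfill calls new Function(), which CSP blocks; map global to window instead`. It is not clear from this rendering whether `runtimeCompiler: true` survives on the new side of the first hunk; if it does, it is worth re-checking now that the root instance has a render function. `configureWebpack` starts before the second hunk and `chainWebpack` continues past it.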


@ -12399,9 +12399,9 @@ vue-resize@^1.0.0:
integrity sha512-SkIi19neeJClapYavfmHiewFZkkTfITVWskg/dIL8b1Eb+RlvnCb8fjGUwLjQJmsw2qsRiiAo4o7BAJVM4pcOA==
vue-router@^3.1.6:
version "3.5.0"
resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-3.5.0.tgz#ae49da16a2939f8d28d66d5784b14167d661192f"
integrity sha512-QYrPzHMJiJCq20ezhlGok+NbrmjzhQDG6pnpJaD14Eg3NvT07s3acYz2ktxJ7vGHd/Ts4TgG9Tt8a2PA+Js5fw==
version "3.5.1"
resolved "https://registry.yarnpkg.com/vue-router/-/vue-router-3.5.1.tgz#edf3cf4907952d1e0583e079237220c5ff6eb6c9"
integrity sha512-RRQNLT8Mzr8z7eL4p7BtKvRaTSGdCbTy2+Mm5HTJvLGYSSeG9gDzNasJPP/yOYKLy+/cLG/ftrqq5fvkFwBJEw==
vue-scrollto@^2.17.1:
version "2.20.0"


@ -60,19 +60,14 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
if Config.get(:env) == :dev do
"script-src 'self' 'unsafe-eval' 'unsafe-inline' "
else
"script-src 'self' "
"script-src 'self' 'unsafe-eval' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' "
end
script_src = [script_src] ++ Config.get([:http_security, :csp_policy, :script_src])
style_src =
if Config.get(:env) == :dev do
"style-src 'self' 'unsafe-inline' "
else
"style-src 'self' "
end
style_src = [style_src] ++ Config.get([:http_security, :csp_policy, :style_src])
["style-src 'self' 'unsafe-inline' "] ++
Config.get([:http_security, :csp_policy, :style_src])
font_src = ["font-src 'self' "] ++ Config.get([:http_security, :csp_policy, :font_src])
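Review bot: The production branch of `script_src` now carries `'unsafe-eval'`, so the policy no longer stops a string that reaches `eval` or `new Function` from running; before this change only the `:dev` branch allowed it. In a Vue 2 build the usual cause is the runtime template compiler, and the same commit gives the root instance a render function. It is worth checking whether `runtimeCompiler` can be turned off and the line reduced to `"script-src 'self' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' "`. The pinned hash should get a comment naming the inline script it covers, because any edit to that script invalidates the hash with no build-time error; `style-src` also now allows `'unsafe-inline'` in every environment, which deserves a comment giving the reason. The enclosing function starts and ends outside the hunk.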