Merge branch 'homepage-webperf' into 'main'
Fix building CSP policy. See merge request framasoft/mobilizon!1321
commit
8e0f6bd173
|
@ -368,7 +368,7 @@ config :mobilizon, Mobilizon.Service.GlobalSearch,
|
||||||
config :mobilizon, Mobilizon.Service.GlobalSearch.SearchMobilizon,
|
config :mobilizon, Mobilizon.Service.GlobalSearch.SearchMobilizon,
|
||||||
endpoint: "https://search.joinmobilizon.org",
|
endpoint: "https://search.joinmobilizon.org",
|
||||||
csp_policy: [
|
csp_policy: [
|
||||||
img_src: "search.joinmobilizon.org"
|
img_src: ["search.joinmobilizon.org"]
|
||||||
]
|
]
|
||||||
|
|
||||||
# Import environment specific config. This must remain at the bottom
|
# Import environment specific config. This must remain at the bottom
|
||||||
|
|
|
@ -29,7 +29,7 @@
|
||||||
width="384"
|
width="384"
|
||||||
height="384"
|
height="384"
|
||||||
alt=""
|
alt=""
|
||||||
loading="lazy"
|
:loading="imageLazy ? 'lazy' : undefined"
|
||||||
/>
|
/>
|
||||||
</picture>
|
</picture>
|
||||||
<p
|
<p
|
||||||
|
@ -71,9 +71,11 @@ withDefaults(
|
||||||
defineProps<{
|
defineProps<{
|
||||||
category: CategoryStatsModel;
|
category: CategoryStatsModel;
|
||||||
withDetails?: boolean;
|
withDetails?: boolean;
|
||||||
|
imageLazy?: boolean;
|
||||||
}>(),
|
}>(),
|
||||||
{
|
{
|
||||||
withDetails: false,
|
withDetails: false,
|
||||||
|
imageLazy: true,
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
:key="category.key"
|
:key="category.key"
|
||||||
:category="category"
|
:category="category"
|
||||||
:with-details="false"
|
:with-details="false"
|
||||||
|
:imageLazy="false"
|
||||||
/>
|
/>
|
||||||
<router-link
|
<router-link
|
||||||
:to="{ name: RouteName.CATEGORIES }"
|
:to="{ name: RouteName.CATEGORIES }"
|
||||||
|
|
|
@ -17,6 +17,7 @@
|
||||||
:class="imageOpacity"
|
:class="imageOpacity"
|
||||||
alt=""
|
alt=""
|
||||||
src=""
|
src=""
|
||||||
|
loading="lazy"
|
||||||
/>
|
/>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -428,6 +428,7 @@ uploadMediaDone(({ data }) => {
|
||||||
.focus()
|
.focus()
|
||||||
.setImage({
|
.setImage({
|
||||||
src: data.uploadMedia.url,
|
src: data.uploadMedia.url,
|
||||||
|
alt: '',
|
||||||
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
||||||
// @ts-ignore
|
// @ts-ignore
|
||||||
"data-media-id": data.uploadMedia.id,
|
"data-media-id": data.uploadMedia.id,
|
||||||
|
|
|
@ -119,13 +119,8 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
|
||||||
|
|
||||||
font_src = [@font_src] ++ [get_csp_config(:font_src, options)]
|
font_src = [@font_src] ++ [get_csp_config(:font_src, options)]
|
||||||
|
|
||||||
frame_src = if Config.get(:env) == :dev, do: "frame-src 'self' ", else: "frame-src 'none' "
|
frame_src = build_csp_field(:frame_src, options)
|
||||||
frame_src = [frame_src] ++ [get_csp_config(:frame_src, options)]
|
frame_ancestors = build_csp_field(:frame_ancestors, options)
|
||||||
|
|
||||||
frame_ancestors =
|
|
||||||
if Config.get(:env) == :dev, do: "frame-ancestors 'self' ", else: "frame-ancestors 'none' "
|
|
||||||
|
|
||||||
frame_ancestors = [frame_ancestors] ++ [get_csp_config(:frame_ancestors, options)]
|
|
||||||
|
|
||||||
report = if report_uri, do: ["report-uri ", report_uri, " ; report-to csp-endpoint"]
|
report = if report_uri, do: ["report-uri ", report_uri, " ; report-to csp-endpoint"]
|
||||||
insecure = if scheme == "https", do: "upgrade-insecure-requests"
|
insecure = if scheme == "https", do: "upgrade-insecure-requests"
|
||||||
|
@ -162,9 +157,9 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
|
||||||
@spec get_csp_config(atom(), Keyword.t()) :: iodata()
|
@spec get_csp_config(atom(), Keyword.t()) :: iodata()
|
||||||
defp get_csp_config(type, options) do
|
defp get_csp_config(type, options) do
|
||||||
config_policy = Keyword.get(options, type, Config.get([:http_security, :csp_policy, type]))
|
config_policy = Keyword.get(options, type, Config.get([:http_security, :csp_policy, type]))
|
||||||
front_end_analytics_policy = [Keyword.get(FrontEndAnalytics.csp(), type, [])]
|
front_end_analytics_policy = Keyword.get(FrontEndAnalytics.csp(), type, [])
|
||||||
global_search_policy = [Keyword.get(GlobalSearch.service().csp(), type, [])]
|
global_search_policy = Keyword.get(GlobalSearch.service().csp(), type, [])
|
||||||
pictures_policy = [Keyword.get(Pictures.service().csp(), type, [])]
|
pictures_policy = Keyword.get(Pictures.service().csp(), type, [])
|
||||||
|
|
||||||
resource_providers = Config.get([Mobilizon.Service.ResourceProviders, :csp_policy, type], [])
|
resource_providers = Config.get([Mobilizon.Service.ResourceProviders, :csp_policy, type], [])
|
||||||
|
|
||||||
|
@ -175,4 +170,21 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
|
||||||
" "
|
" "
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp build_csp_field(type, options) do
|
||||||
|
csp_config = get_csp_config(type, options)
|
||||||
|
|
||||||
|
csp_config =
|
||||||
|
if Config.get(:env) == :dev do
|
||||||
|
[csp_config] ++ ["'self'"]
|
||||||
|
else
|
||||||
|
if csp_config == "" do
|
||||||
|
["'none'"]
|
||||||
|
else
|
||||||
|
[csp_config]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
Enum.join([type |> to_string() |> String.replace("_", "-")] ++ csp_config, " ")
|
||||||
|
end
|
||||||
end
|
end
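Review bot: The `'none'` fallback in `build_csp_field` only fires on the line `if csp_config == ""`, i.e. when `get_csp_config` returns exactly the empty binary, yet that function is specced in the previous hunk as returning `iodata()`; an empty iodata such as `[]`, or a whitespace-only join, would bypass the check and emit a bare `frame-src` / `frame-ancestors` with no source expression. Browsers treat an empty source list as matching nothing, so the result still fails closed, but the explicit `'none'` is what the policy is meant to say and what a reader (or test) will look for. Normalising the value to a trimmed binary first and flattening the nested `if` into a `cond` also removes the double space that `[csp_config] ++ ["'self'"]` produces in dev when nothing is configured. The same point applies to both call sites in the earlier hunk, `build_csp_field(:frame_src, options)` and `build_csp_field(:frame_ancestors, options)`.
```elixir
  defp build_csp_field(type, options) do
    # Normalise whatever get_csp_config/2 returns (iodata or binary) so the
    # emptiness check below cannot be skipped by [] or a whitespace-only join.
    configured =
      type
      |> get_csp_config(options)
      |> IO.chardata_to_string()
      |> String.trim()

    dev? = Config.get(:env) == :dev

    sources =
      cond do
        dev? and configured == "" -> ["'self'"]
        dev? -> [configured, "'self'"]
        # No source configured anywhere: say 'none' explicitly rather than
        # emitting a directive with an empty source list.
        configured == "" -> ["'none'"]
        true -> [configured]
      end

    Enum.join([type |> to_string() |> String.replace("_", "-") | sources], " ")
  end
```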
|
||||||
|
|
|
@ -93,7 +93,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlugTest do
|
||||||
[csp] = Conn.get_resp_header(conn, "content-security-policy")
|
[csp] = Conn.get_resp_header(conn, "content-security-policy")
|
||||||
|
|
||||||
assert csp =~
|
assert csp =~
|
||||||
~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' 'sha256-[\w+\/=]*' example.com matomo.example.com\s+;/
|
~r/script-src 'self' 'unsafe-eval' 'sha256-[\w+\/=]*' 'sha256-[\w+\/=]*' example.com matomo.example.com;/
|
||||||
end
|
end
|
||||||
end
|
end
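Review bot: The only assertion this commit touches is the script-src whitespace tightening on the `~r/script-src …;/` line, so the new `'self'`/`'none'` selection that `build_csp_field` now applies to `frame-src` and `frame-ancestors` has no test pinning it. Adding a sibling assertion such as `assert csp =~ ~r/frame-ancestors 'none'/` would lock in the fail-closed default, assuming the test environment configures no frame-ancestors source and `Config.get(:env)` is not `:dev` there — both worth confirming against the test config. The enclosing test and its `conn` setup begin outside the hunk.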
|
||||||
|
|
||||||
|
|