Unverified Commit 0d10e3d5 authored by Bekerle, Patrizio's avatar Bekerle, Patrizio :fire:

Add pdf-as servers and www.handy-signatur.at to Content-Security-Policy (#4)

parent e834ec3f
...@@ -4,7 +4,7 @@ DirectoryIndex <%= geturl('vpu-signature.html') %> ...@@ -4,7 +4,7 @@ DirectoryIndex <%= geturl('vpu-signature.html') %>
</FilesMatch> </FilesMatch>
Header set Cache-Control "must-revalidate, max-age=60" Header set Cache-Control "must-revalidate, max-age=60"
Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tugraz.at <%= keyCloakServer %> <%= entryPointURL %> httpbin.org; img-src *" Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tugraz.at <%= keyCloakServer %> <%= entryPointURL %> httpbin.org www.handy-signatur.at <%= pdfAsQualifiedlySigningServer %>; img-src *"
# Apache adds a "-gzip" suffix to the etag when it uses gzip but doesn't # Apache adds a "-gzip" suffix to the etag when it uses gzip but doesn't
# take that into account when receiving requests. # take that into account when receiving requests.
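Review bot: The two new hosts are appended to `default-src`, which is the fallback for every fetch directive, so `www.handy-signatur.at` and the pdf-as server become allowed origins for scripts, styles, frames and connections alike, on top of the existing `'unsafe-inline'` and `'unsafe-eval'`. If they are needed for one purpose only (presumably an embedded signing frame or API requests; the diff does not show which), list them under that directive and leave `default-src` as it was, e.g. `frame-src 'self' www.handy-signatur.at <%= pdfAsQualifiedlySigningServer %>;`. Keep in mind that `form-action` does not fall back to `default-src`, so this entry does not govern a form post to the signing service. The same point applies to the dev-server header changed in the `@@ -264,7 +267,7 @@` hunk.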
......
...@@ -33,6 +33,7 @@ let basePath = ''; ...@@ -33,6 +33,7 @@ let basePath = '';
let entryPointURL = ''; let entryPointURL = '';
let keyCloakServer = ''; let keyCloakServer = '';
let keyCloakBaseURL = ''; let keyCloakBaseURL = '';
let pdfAsQualifiedlySigningServer = 'sig-dev.tugraz.at';
let matomoSiteId = 131; let matomoSiteId = 131;
let useTerser = true; let useTerser = true;
let useBabel = true; let useBabel = true;
...@@ -62,6 +63,7 @@ switch (build) { ...@@ -62,6 +63,7 @@ switch (build) {
entryPointURL = 'https://signature.tugraz.at'; entryPointURL = 'https://signature.tugraz.at';
keyCloakServer = 'auth.tugraz.at'; keyCloakServer = 'auth.tugraz.at';
keyCloakBaseURL = 'https://' + keyCloakServer + '/auth'; keyCloakBaseURL = 'https://' + keyCloakServer + '/auth';
pdfAsQualifiedlySigningServer = 'sig.tugraz.at';
matomoSiteId = 130; matomoSiteId = 130;
break; break;
case 'test': case 'test':
...@@ -191,6 +193,7 @@ export default { ...@@ -191,6 +193,7 @@ export default {
entryPointURL: entryPointURL, entryPointURL: entryPointURL,
keyCloakServer: keyCloakServer, keyCloakServer: keyCloakServer,
keyCloakBaseURL: keyCloakBaseURL, keyCloakBaseURL: keyCloakBaseURL,
pdfAsQualifiedlySigningServer: pdfAsQualifiedlySigningServer,
environment: build, environment: build,
matomoSiteId: matomoSiteId, matomoSiteId: matomoSiteId,
buildinfo: getBuildInfo() buildinfo: getBuildInfo()
...@@ -264,7 +267,7 @@ export default { ...@@ -264,7 +267,7 @@ export default {
historyApiFallback: basePath + pkg.name + '.html', historyApiFallback: basePath + pkg.name + '.html',
https: USE_HTTPS ? generateTLSConfig() : false, https: USE_HTTPS ? generateTLSConfig() : false,
headers: { headers: {
'Content-Security-Policy': `default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tugraz.at ${keyCloakServer} ${entryPointURL} httpbin.org; img-src *` 'Content-Security-Policy': `default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tugraz.at ${keyCloakServer} ${entryPointURL} httpbin.org www.handy-signatur.at ${pdfAsQualifiedlySigningServer} ; img-src *`
}, },
}) : false }) : false
] ]
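Review bot: `pdfAsQualifiedlySigningServer` defaults to `'sig-dev.tugraz.at'` while the neighbouring settings default to `''`, and the only override visible is the one in the `@@ -62,6 +63,7 @@` hunk; the other `case` branches of the switch lie outside the shown hunks. If a build case does not assign it, that build would ship a Content-Security-Policy that allowlists the dev signing server. Consider `let pdfAsQualifiedlySigningServer = '';` with an explicit assignment in every case, and a comment such as `// host only, no scheme: interpolated into the CSP source list`. The policy string is also maintained twice (the .htaccess template and this dev-server header, which now has a stray space before `;`), so building it once and reusing it would keep the two from drifting apart.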
......