From 0d10e3d5ce751b3fbd79554504b33bf83b75ac2d Mon Sep 17 00:00:00 2001
From: Patrizio Bekerle <patrizio@bekerle.com>
Date: Thu, 16 Apr 2020 11:10:32 +0200
Subject: [PATCH] Add pdf-as servers and www.handy-signatur.at to
 Content-Security-Policy (#4)

---
 assets/.htaccess.ejs | 2 +-
 rollup.config.js     | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/assets/.htaccess.ejs b/assets/.htaccess.ejs
index bc8e8cd..321058f 100644
--- a/assets/.htaccess.ejs
+++ b/assets/.htaccess.ejs
@@ -4,7 +4,7 @@ DirectoryIndex <%= geturl('vpu-signature.html') %>
 </FilesMatch>
 
 Header set Cache-Control "must-revalidate, max-age=60"
-Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tugraz.at <%= keyCloakServer %> <%= entryPointURL %> httpbin.org; img-src *"
+Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tugraz.at <%= keyCloakServer %> <%= entryPointURL %> httpbin.org www.handy-signatur.at <%= pdfAsQualifiedlySigningServer %>; img-src *"
 
 # Apache adds a "-gzip" suffix to the etag when it uses gzip but doesn't
 # take that into account when receiving requests.
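Review bot: The two new hosts are appended to `default-src`, which already carries 'unsafe-inline' and 'unsafe-eval', so `www.handy-signatur.at` and the pdf-as server become allowed sources for scripts, styles, frames and connections alike. If the signing flow only embeds or calls these hosts (not visible in this patch), listing them under a narrower directive, e.g. `frame-src 'self' www.handy-signatur.at <%= pdfAsQualifiedlySigningServer %>` or the `connect-src` equivalent, would keep the script allowlist from growing. The sources are also schemeless, so on a page served over http they match http as well; an `https://` prefix would pin them to TLS. The same applies to the dev-server header in the last rollup.config.js hunk.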
diff --git a/rollup.config.js b/rollup.config.js
index 4d5c9ce..d7e0f2a 100644
--- a/rollup.config.js
+++ b/rollup.config.js
@@ -33,6 +33,7 @@ let basePath = '';
 let entryPointURL = '';
 let keyCloakServer = '';
 let keyCloakBaseURL = '';
+let pdfAsQualifiedlySigningServer = 'sig-dev.tugraz.at';
 let matomoSiteId = 131;
 let useTerser = true;
 let useBabel = true;
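Review bot: `pdfAsQualifiedlySigningServer` defaults to the dev host `sig-dev.tugraz.at`, whereas the neighbouring `entryPointURL`, `keyCloakServer` and `keyCloakBaseURL` default to `''` and are assigned per build. Of the `switch (build)` cases visible in this patch, only the one in the next hunk sets it (`sig.tugraz.at`). Any build target that leaves it unset would therefore ship a CSP that allows the dev signing server, though the other cases lie outside the hunks, so this is unconfirmed. Consider `let pdfAsQualifiedlySigningServer = '';` with an explicit assignment in every case, plus a comment such as `// host of the pdf-as signing server, allowed in the CSP`.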
@@ -62,6 +63,7 @@ switch (build) {
     entryPointURL = 'https://signature.tugraz.at';
     keyCloakServer = 'auth.tugraz.at';
     keyCloakBaseURL = 'https://' + keyCloakServer + '/auth';
+    pdfAsQualifiedlySigningServer = 'sig.tugraz.at';
     matomoSiteId = 130;
     break;
   case 'test':
@@ -191,6 +193,7 @@ export default {
             entryPointURL: entryPointURL,
             keyCloakServer: keyCloakServer,
             keyCloakBaseURL: keyCloakBaseURL,
+            pdfAsQualifiedlySigningServer: pdfAsQualifiedlySigningServer,
             environment: build,
             matomoSiteId: matomoSiteId,
             buildinfo: getBuildInfo()
@@ -264,7 +267,7 @@ export default {
           historyApiFallback: basePath + pkg.name + '.html',
           https: USE_HTTPS ? generateTLSConfig() : false,
           headers: {
-              'Content-Security-Policy': `default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tugraz.at ${keyCloakServer} ${entryPointURL} httpbin.org; img-src *`
+              'Content-Security-Policy': `default-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.tugraz.at ${keyCloakServer} ${entryPointURL} httpbin.org www.handy-signatur.at ${pdfAsQualifiedlySigningServer} ; img-src *`
           },
         }) : false
     ]
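Review bot: The policy string is now maintained by hand in two places, here and in assets/.htaccess.ejs, and the two copies already differ (this one has a stray space before `;`). The space is harmless to CSP parsing, but a host added to one copy and not the other would leave the dev server and the deployed site enforcing different policies. Building the value once in a `const contentSecurityPolicy` and passing it both to the dev-server `headers` and to the template data would keep them in sync. The enclosing `export default` object starts outside this hunk.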
-- 
GitLab