diff --git a/app.config.js b/app.config.js
index 5fbba00401416f23d8be33e09be5507b443dc64d..6557fe0718cba1311f18fe19bcba9bf311d4a159 100644
--- a/app.config.js
+++ b/app.config.js
@@ -7,6 +7,7 @@ export default {
 matomoUrl: 'https://analytics.tugraz.at/',
 matomoSiteId: 131,
 nextcloudBaseURL: 'http://localhost:8081',
+ nextcloudName: 'TU Graz cloud',
 pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at',
 },
 bs: {
@@ -17,6 +18,7 @@ export default {
 matomoUrl: 'https://analytics.tugraz.at/',
 matomoSiteId: 131,
 nextcloudBaseURL: 'http://bs-local.com:8081',
+ nextcloudName: 'TU Graz cloud',
 pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at',
 },
 development: {
@@ -27,6 +29,7 @@ export default {
 matomoUrl: 'https://analytics.tugraz.at/',
 matomoSiteId: 131,
 nextcloudBaseURL: 'https://nc-dev.tugraz.at/pers',
+ nextcloudName: 'TU Graz cloud',
 pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at',
 },
 demo: {
@@ -37,6 +40,7 @@ export default {
 matomoUrl: 'https://analytics.tugraz.at/',
 matomoSiteId: 131,
 nextcloudBaseURL: 'https://cloud.tugraz.at',
+ nextcloudName: 'TU Graz cloud',
 pdfAsQualifiedlySigningServer: 'https://sig-test.tugraz.at',
 },
 production: {
@@ -47,6 +51,7 @@ export default {
 matomoUrl: 'https://analytics.tugraz.at/',
 matomoSiteId: 137,
 nextcloudBaseURL: '',
+ nextcloudName: '',
 pdfAsQualifiedlySigningServer: 'https://sig.tugraz.at',
 },
 };
\ No newline at end of file
diff --git a/assets/.htaccess.ejs b/assets/.htaccess.ejs
index be754ead3713e5f2eb1605c6d29c1ba34202a68e..8ac7af5b3ebdc612ae91dfa2ded0bb7526c620ac 100644
--- a/assets/.htaccess.ejs
+++ b/assets/.htaccess.ejs
@@ -4,7 +4,7 @@ DirectoryIndex <%= getUrl(name + '.html') %>
 </FilesMatch>
 Header set Cache-Control "must-revalidate, max-age=60"
-Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline' <%= matomoUrl %> <%= keyCloakServer %> <%= entryPointURL %> httpbin.org <%= nextcloudBaseURL %> www.handy-signatur.at <%= pdfAsQualifiedlySigningServer %>; img-src * blob: data:"
+Header set Content-Security-Policy "<%= CSP %>"
 # Apache adds a "-gzip" suffix to the etag when it uses gzip but doesn't
 # take that into account when receiving requests.
diff --git a/rollup.config.js b/rollup.config.js
index 1f413ed18d91fc9fcd677ca6aa4bbe5b064b1d96..95d4b7102e922f273e064843a61ad93578aa20ed 100644
--- a/rollup.config.js
+++ b/rollup.config.js
@@ -17,15 +17,6 @@ import appConfig from './app.config.js';
 import {getPackagePath, getBuildInfo} from './vendor/toolkit/rollup.utils.js';
 import {generateTLSConfig} from './rollup.utils.js';
-// -------------------------------
-
-// Some new web APIs are only available when HTTPS is active.
-// Note that this only works with a Non-HTTPS API endpoint with Chrome,
-// Firefox will emit CORS errors, see https://bugzilla.mozilla.org/show_bug.cgi?id=1488740
-const USE_HTTPS = false;
-
-// -------------------------------
-
 const pkg = require('./package.json');
 const appEnv = (typeof process.env.APP_ENV !== 'undefined') ? process.env.APP_ENV : 'local';
 const watch = process.env.ROLLUP_WATCH === 'true';
@@ -33,6 +24,7 @@ const buildFull = (!watch && appEnv !== 'test') || (process.env.FORCE_FULL !== u
 let useTerser = buildFull;
 let useBabel = buildFull;
 let checkLicenses = buildFull;
+let useHTTPS = false;
 console.log("APP_ENV: " + appEnv);
@@ -48,6 +40,7 @@ if (appEnv in appConfig) {
 matomoUrl: '',
 matomoSiteId: -1,
 nextcloudBaseURL: 'https://test',
+ nextcloudName: '',
 pdfAsQualifiedlySigningServer: 'https://test'
 };
 } else {
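Review bot: The new `Header set Content-Security-Policy "<%= CSP %>"` line sends the whole policy, including the quoted keywords `'self'`, `'unsafe-eval'` and `'unsafe-inline'`, through the escaping output tag, whereas the old line interpolated only URLs and kept the keywords literal in the template. If this template is rendered by EJS with its default escape function, `<%=` HTML-escapes single quotes, so the emitted header would carry `&#39;self&#39;` and browsers would discard those source expressions as invalid. The raw output tag avoids that: `Header set Content-Security-Policy "<%- CSP %>"`. Either way the generated `.htaccess` should be inspected once after this change, and `CSP` should stay built only from `URL.origin` values, since a double quote in it would end the Apache directive argument early.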
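Review bot: `let useHTTPS = false;` in the `-33,6` hunk is added without the explanation that the removed `USE_HTTPS` block carried, and nothing in the visible hunks ever assigns it, so the dev server's `https:` option stays `false`. Declare it `const` if it is not meant to be reassigned, and keep a comment above it such as `// Some web APIs need HTTPS; with a non-HTTPS API endpoint this only works in Chrome, Firefox emits CORS errors (bugzilla 1488740)`, so the reason TLS is off for local serving stays documented.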
@@ -55,21 +48,29 @@ if (appEnv in appConfig) {
 process.exit(1);
 }
-config.keyCloakServer = new URL(config.keyCloakBaseURL).origin;
-config.nextcloudName = 'TU Graz cloud';
-
 if (config.nextcloudBaseURL) {
 config.nextcloudFileURL = config.nextcloudBaseURL + '/index.php/apps/files/?dir=';
- config.nextcloudOrigin = new URL(config.nextcloudBaseURL).origin;
 config.nextcloudWebAppPasswordURL = config.nextcloudBaseURL + '/index.php/apps/webapppassword';
 config.nextcloudWebDavURL = config.nextcloudBaseURL + '/remote.php/dav/files';
 } else {
 config.nextcloudFileURL = '';
- config.nextcloudOrigin = '';
 config.nextcloudWebAppPasswordURL = '';
 config.nextcloudWebDavURL = '';
 }
+function getOrigin(url) {
+ if (url)
+ return new URL(url).origin;
+ return '';
+}
+
+config.CSP = `default-src 'self' 'unsafe-eval' 'unsafe-inline' \
+${getOrigin(config.matomoUrl)} ${getOrigin(config.keyCloakBaseURL)} ${getOrigin(config.entryPointURL)} \
+httpbin.org ${getOrigin(config.nextcloudBaseURL)} www.handy-signatur.at \
+${getOrigin(config.pdfAsQualifiedlySigningServer)}; \
+img-src * blob: data:`;
+
+
 export default (async () => {return {
 input: (appEnv != 'test') ? [
 'src/' + pkg.name + '.js',
@@ -129,11 +130,10 @@ export default (async () => {return {
 nextcloudBaseURL: config.nextcloudBaseURL,
 nextcloudFileURL: config.nextcloudFileURL,
 nextcloudName: config.nextcloudName,
- keyCloakServer: config.keyCloakServer,
 keyCloakBaseURL: config.keyCloakBaseURL,
 keyCloakClientId: config.keyCloakClientId,
- pdfAsQualifiedlySigningServer: config.pdfAsQualifiedlySigningServer,
 environment: appEnv,
+ CSP: config.CSP,
 matomoUrl: config.matomoUrl,
 matomoSiteId: config.matomoSiteId,
 buildInfo: getBuildInfo(appEnv)
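Review bot: `config.CSP` in the `-55,21` hunk keeps `'unsafe-eval'` and `'unsafe-inline'` in `default-src`, and with no `script-src` given that directive also governs scripts, so the policy does not stop injected inline or eval'd script and mainly limits which hosts can be contacted. Now that the string is defined once for both the dev-server header and the generated `.htaccess`, a comment above it should record why those keywords and the fixed `httpbin.org` entry are needed, for example `// TODO(review): 'unsafe-eval'/'unsafe-inline' required by <reason>; httpbin.org used for <purpose>`. If `httpbin.org` is only a test endpoint (not visible here), appending it only when `appEnv !== 'production'` would keep a third-party host out of the production policy. `getOrigin` also hands any non-empty string to `new URL`, which throws on a value without a scheme, so a malformed config entry aborts the build with a bare TypeError that does not name the offending key.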
@@ -220,9 +220,9 @@ Dependencies:
 host: '127.0.0.1',
 port: 8001,
 historyApiFallback: config.basePath + pkg.name + '.html',
- https: USE_HTTPS ? generateTLSConfig() : false,
+ https: useHTTPS ? generateTLSConfig() : false,
 headers: {
- 'Content-Security-Policy': `default-src 'self' 'unsafe-eval' 'unsafe-inline' ${config.matomoUrl} ${config.keyCloakServer} ${config.entryPointURL} httpbin.org ${config.nextcloudOrigin} www.handy-signatur.at ${config.pdfAsQualifiedlySigningServer} ; img-src * blob: data:`
+ 'Content-Security-Policy': config.CSP
 },
 }) : false
 ]