Commit 197f0438 authored by Reiter, Christoph's avatar Reiter, Christoph :snake:

Generate the CSP in rollup once; More config cleanup

parent 1bf53554
...@@ -7,6 +7,7 @@ export default { ...@@ -7,6 +7,7 @@ export default {
matomoUrl: 'https://analytics.tugraz.at/', matomoUrl: 'https://analytics.tugraz.at/',
matomoSiteId: 131, matomoSiteId: 131,
nextcloudBaseURL: 'http://localhost:8081', nextcloudBaseURL: 'http://localhost:8081',
nextcloudName: 'TU Graz cloud',
pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at', pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at',
}, },
bs: { bs: {
...@@ -17,6 +18,7 @@ export default { ...@@ -17,6 +18,7 @@ export default {
matomoUrl: 'https://analytics.tugraz.at/', matomoUrl: 'https://analytics.tugraz.at/',
matomoSiteId: 131, matomoSiteId: 131,
nextcloudBaseURL: 'http://bs-local.com:8081', nextcloudBaseURL: 'http://bs-local.com:8081',
nextcloudName: 'TU Graz cloud',
pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at', pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at',
}, },
development: { development: {
...@@ -27,6 +29,7 @@ export default { ...@@ -27,6 +29,7 @@ export default {
matomoUrl: 'https://analytics.tugraz.at/', matomoUrl: 'https://analytics.tugraz.at/',
matomoSiteId: 131, matomoSiteId: 131,
nextcloudBaseURL: 'https://nc-dev.tugraz.at/pers', nextcloudBaseURL: 'https://nc-dev.tugraz.at/pers',
nextcloudName: 'TU Graz cloud',
pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at', pdfAsQualifiedlySigningServer: 'https://sig-dev.tugraz.at',
}, },
demo: { demo: {
...@@ -37,6 +40,7 @@ export default { ...@@ -37,6 +40,7 @@ export default {
matomoUrl: 'https://analytics.tugraz.at/', matomoUrl: 'https://analytics.tugraz.at/',
matomoSiteId: 131, matomoSiteId: 131,
nextcloudBaseURL: 'https://cloud.tugraz.at', nextcloudBaseURL: 'https://cloud.tugraz.at',
nextcloudName: 'TU Graz cloud',
pdfAsQualifiedlySigningServer: 'https://sig-test.tugraz.at', pdfAsQualifiedlySigningServer: 'https://sig-test.tugraz.at',
}, },
production: { production: {
...@@ -47,6 +51,7 @@ export default { ...@@ -47,6 +51,7 @@ export default {
matomoUrl: 'https://analytics.tugraz.at/', matomoUrl: 'https://analytics.tugraz.at/',
matomoSiteId: 137, matomoSiteId: 137,
nextcloudBaseURL: '', nextcloudBaseURL: '',
nextcloudName: '',
pdfAsQualifiedlySigningServer: 'https://sig.tugraz.at', pdfAsQualifiedlySigningServer: 'https://sig.tugraz.at',
}, },
}; };
\ No newline at end of file
...@@ -4,7 +4,7 @@ DirectoryIndex <%= getUrl(name + '.html') %> ...@@ -4,7 +4,7 @@ DirectoryIndex <%= getUrl(name + '.html') %>
</FilesMatch> </FilesMatch>
Header set Cache-Control "must-revalidate, max-age=60" Header set Cache-Control "must-revalidate, max-age=60"
Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline' <%= matomoUrl %> <%= keyCloakServer %> <%= entryPointURL %> httpbin.org <%= nextcloudBaseURL %> www.handy-signatur.at <%= pdfAsQualifiedlySigningServer %>; img-src * blob: data:" Header set Content-Security-Policy "<%= CSP %>"
# Apache adds a "-gzip" suffix to the etag when it uses gzip but doesn't # Apache adds a "-gzip" suffix to the etag when it uses gzip but doesn't
# take that into account when receiving requests. # take that into account when receiving requests.
......
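Review bot: `Header set` writes only to the success table, so responses Apache generates for errors or internal redirects go out without the Content-Security-Policy; the changed line could be `Header always set Content-Security-Policy "<%= CSP %>"`. The rest of the file is collapsed on this page, so confirm no other directive already sets this header in the `always` table, since that would send it twice.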
...@@ -17,15 +17,6 @@ import appConfig from './app.config.js'; ...@@ -17,15 +17,6 @@ import appConfig from './app.config.js';
import {getPackagePath, getBuildInfo} from './vendor/toolkit/rollup.utils.js'; import {getPackagePath, getBuildInfo} from './vendor/toolkit/rollup.utils.js';
import {generateTLSConfig} from './rollup.utils.js'; import {generateTLSConfig} from './rollup.utils.js';
// -------------------------------
// Some new web APIs are only available when HTTPS is active.
// Note that this only works with a Non-HTTPS API endpoint with Chrome,
// Firefox will emit CORS errors, see https://bugzilla.mozilla.org/show_bug.cgi?id=1488740
const USE_HTTPS = false;
// -------------------------------
const pkg = require('./package.json'); const pkg = require('./package.json');
const appEnv = (typeof process.env.APP_ENV !== 'undefined') ? process.env.APP_ENV : 'local'; const appEnv = (typeof process.env.APP_ENV !== 'undefined') ? process.env.APP_ENV : 'local';
const watch = process.env.ROLLUP_WATCH === 'true'; const watch = process.env.ROLLUP_WATCH === 'true';
...@@ -33,6 +24,7 @@ const buildFull = (!watch && appEnv !== 'test') || (process.env.FORCE_FULL !== u ...@@ -33,6 +24,7 @@ const buildFull = (!watch && appEnv !== 'test') || (process.env.FORCE_FULL !== u
let useTerser = buildFull; let useTerser = buildFull;
let useBabel = buildFull; let useBabel = buildFull;
let checkLicenses = buildFull; let checkLicenses = buildFull;
let useHTTPS = false;
console.log("APP_ENV: " + appEnv); console.log("APP_ENV: " + appEnv);
...@@ -48,6 +40,7 @@ if (appEnv in appConfig) { ...@@ -48,6 +40,7 @@ if (appEnv in appConfig) {
matomoUrl: '', matomoUrl: '',
matomoSiteId: -1, matomoSiteId: -1,
nextcloudBaseURL: 'https://test', nextcloudBaseURL: 'https://test',
nextcloudName: '',
pdfAsQualifiedlySigningServer: 'https://test' pdfAsQualifiedlySigningServer: 'https://test'
}; };
} else { } else {
...@@ -55,21 +48,29 @@ if (appEnv in appConfig) { ...@@ -55,21 +48,29 @@ if (appEnv in appConfig) {
process.exit(1); process.exit(1);
} }
config.keyCloakServer = new URL(config.keyCloakBaseURL).origin;
config.nextcloudName = 'TU Graz cloud';
if (config.nextcloudBaseURL) { if (config.nextcloudBaseURL) {
config.nextcloudFileURL = config.nextcloudBaseURL + '/index.php/apps/files/?dir='; config.nextcloudFileURL = config.nextcloudBaseURL + '/index.php/apps/files/?dir=';
config.nextcloudOrigin = new URL(config.nextcloudBaseURL).origin;
config.nextcloudWebAppPasswordURL = config.nextcloudBaseURL + '/index.php/apps/webapppassword'; config.nextcloudWebAppPasswordURL = config.nextcloudBaseURL + '/index.php/apps/webapppassword';
config.nextcloudWebDavURL = config.nextcloudBaseURL + '/remote.php/dav/files'; config.nextcloudWebDavURL = config.nextcloudBaseURL + '/remote.php/dav/files';
} else { } else {
config.nextcloudFileURL = ''; config.nextcloudFileURL = '';
config.nextcloudOrigin = '';
config.nextcloudWebAppPasswordURL = ''; config.nextcloudWebAppPasswordURL = '';
config.nextcloudWebDavURL = ''; config.nextcloudWebDavURL = '';
} }
function getOrigin(url) {
if (url)
return new URL(url).origin;
return '';
}
config.CSP = `default-src 'self' 'unsafe-eval' 'unsafe-inline' \
${getOrigin(config.matomoUrl)} ${getOrigin(config.keyCloakBaseURL)} ${getOrigin(config.entryPointURL)} \
httpbin.org ${getOrigin(config.nextcloudBaseURL)} www.handy-signatur.at \
${getOrigin(config.pdfAsQualifiedlySigningServer)}; \
img-src * blob: data:`;
export default (async () => {return { export default (async () => {return {
input: (appEnv != 'test') ? [ input: (appEnv != 'test') ? [
'src/' + pkg.name + '.js', 'src/' + pkg.name + '.js',
...@@ -129,11 +130,10 @@ export default (async () => {return { ...@@ -129,11 +130,10 @@ export default (async () => {return {
nextcloudBaseURL: config.nextcloudBaseURL, nextcloudBaseURL: config.nextcloudBaseURL,
nextcloudFileURL: config.nextcloudFileURL, nextcloudFileURL: config.nextcloudFileURL,
nextcloudName: config.nextcloudName, nextcloudName: config.nextcloudName,
keyCloakServer: config.keyCloakServer,
keyCloakBaseURL: config.keyCloakBaseURL, keyCloakBaseURL: config.keyCloakBaseURL,
keyCloakClientId: config.keyCloakClientId, keyCloakClientId: config.keyCloakClientId,
pdfAsQualifiedlySigningServer: config.pdfAsQualifiedlySigningServer,
environment: appEnv, environment: appEnv,
CSP: config.CSP,
matomoUrl: config.matomoUrl, matomoUrl: config.matomoUrl,
matomoSiteId: config.matomoSiteId, matomoSiteId: config.matomoSiteId,
buildInfo: getBuildInfo(appEnv) buildInfo: getBuildInfo(appEnv)
...@@ -220,9 +220,9 @@ Dependencies: ...@@ -220,9 +220,9 @@ Dependencies:
host: '127.0.0.1', host: '127.0.0.1',
port: 8001, port: 8001,
historyApiFallback: config.basePath + pkg.name + '.html', historyApiFallback: config.basePath + pkg.name + '.html',
https: USE_HTTPS ? generateTLSConfig() : false, https: useHTTPS ? generateTLSConfig() : false,
headers: { headers: {
'Content-Security-Policy': `default-src 'self' 'unsafe-eval' 'unsafe-inline' ${config.matomoUrl} ${config.keyCloakServer} ${config.entryPointURL} httpbin.org ${config.nextcloudOrigin} www.handy-signatur.at ${config.pdfAsQualifiedlySigningServer} ; img-src * blob: data:` 'Content-Security-Policy': config.CSP
}, },
}) : false }) : false
] ]
......
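Review bot: The `config.CSP` template literal keeps `'unsafe-eval' 'unsafe-inline'` and the third-party host `httpbin.org` in `default-src`, and because this string is now the single policy for both the dev-server header and the Apache header template, every environment including production inherits them. With inline script and eval allowed the policy does little to contain script injection, and an allow-listed public request-echo host is a destination injected code could reach without triggering a violation. If `httpbin.org` is only needed during development (the page does not show why it is listed), gate it, e.g. `${appEnv === 'production' ? '' : 'httpbin.org'}`, and add a comment above `config.CSP` recording which dependency requires `'unsafe-eval'` and `'unsafe-inline'` so they can be dropped later. `getOrigin()` may also widen any entry that previously carried a path (possibly `entryPointURL`, whose values are not visible here) to its whole origin.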