Merge branch 'DIGG-456' into dev
MikaMunterud committed Oct 18, 2024
2 parents 2ca50ef + ecb0374 commit bf3a864
Showing 1 changed file with 12 additions and 11 deletions.
23 changes: 12 additions & 11 deletions utilities/generateCsp.ts
@@ -34,15 +34,16 @@ const generateCSP = ({ nonce }: generateCSPProps = {}) => {
policy[directive] = curr ? [...curr, value] : [value];
};

const scriptSrc = `'self' ${
nonce ? `'nonce-${nonce}'` : ""
} 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://webbanalys.digg.se https://webbanalys-dashboard.digg.se *.entryscape.com *.dataportal.se *.beta.dataportal.digikube.dgstage.se *.dataportal.dev1.se 'report-sample' https://webbanalys-dashboard.digg.se/js/container_hV6fNi9j_preview.js https://webbanalys.digg.se/js/container_hV6fNi9j.js`;

add("default-src", `'self'`, { prodOnly: true });
add("manifest-src", `'self'`, { prodOnly: true });
add("object-src", `'none'`, { prodOnly: true });
add("script-src", scriptSrc, { prodOnly: false });

add(
"script-src",
`'self' ${
nonce ? `'nonce-${nonce}'` : ""
} 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https://webbanalys.digg.se https://webbanalys-dashboard.digg.se *.entryscape.com *.dataportal.se *.beta.dataportal.digikube.dgstage.se *.dataportal.dev1.se`,
{ prodOnly: true },
);
add(
"script-src-attr",
`'unsafe-hashes' 'sha256-dYUMUtU0sGsXCiI6XuVhMNdPUHRSW7RGVl5bz5LjpAI=' 'sha256-VBX8ceLcK+xMdfMO8F4EoCjmT8IQqXqmpv70AnAzpAc='`,
@@ -53,9 +54,9 @@ const generateCSP = ({ nonce }: generateCSPProps = {}) => {
);
add(
"font-src",
`'self' data: https://static.entryscape.com https://static.cdn.entryscape.com`,
`'self' data: https://static.entryscape.com https://static.cdn.entryscape.com https://webbanalys-dashboard.digg.se`,
);
add("base-uri", `'self' https://webbanalys-dashboard.digg.se/`);
add("base-uri", `'self' https://webbanalys-dashboard.digg.se`);
add("manifest-src", `'self'`);
add("form-action", `'self'`);
add(
@@ -70,18 +71,18 @@ const generateCSP = ({ nonce }: generateCSPProps = {}) => {
);
add(
"style-src",
`'self' 'unsafe-inline' https://cdn.screen9.com/players/amber-player.css`,
`'self' 'unsafe-inline' https://cdn.screen9.com/players/amber-player.css https://webbanalys-dashboard.digg.se`,
);
add(
"style-src-elem",
`'self' 'unsafe-inline' https://cdn.screen9.com/players/amber-player.css`,
`'self' 'unsafe-inline' https://cdn.screen9.com/players/amber-player.css https://webbanalys-dashboard.digg.se`,
);
add("style-src-attr", `'self' 'unsafe-inline'`);
add(
"connect-src",
`'self' https://* http://127.0.0.1:1300/ https://admin.dataportal.se https://editera.dataportal.se https://webbanalys.digg.se ${
reactEnv("APOLLO_URL") || ""
} https://* webbanalys.digg.se webbanalys-dashboard.digg.se statsapi.screen9.com`,
} https://* webbanalys.digg.se statsapi.screen9.com`,
);

// Return the object in a formatted value
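Review bot: The `connect-src` value in the last hunk still contains `https://*` (twice), so the directive permits requests to any HTTPS origin and the host edit on the changed line does not alter what is allowed over HTTPS. The allowlist only limits where script running on the page can send data once the wildcard is gone; consider reducing the value to the named origins, `'self' http://127.0.0.1:1300/ https://admin.dataportal.se https://editera.dataportal.se https://webbanalys.digg.se ${reactEnv("APOLLO_URL") || ""} webbanalys.digg.se statsapi.screen9.com`. The loopback entry `http://127.0.0.1:1300/` is passed without the `{ prodOnly: ... }` option used for `script-src`, so it appears to be emitted in every environment; that should be confirmed against `add`, whose definition starts outside the visible hunks. In the first hunk, `script-src` keeps `'unsafe-eval'` and, when `nonce` is undefined, leaves `'strict-dynamic'` with no nonce or hash to anchor it, which CSP3 browsers treat as having no trusted script source, because `'self'`, the host entries and `'unsafe-inline'` are ignored once `'strict-dynamic'` is present.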