ditch csp reporting

pull/6962/head
Niklas Fiekas 2020-07-09 17:21:50 +02:00
parent 7348b81c88
commit fb49bf223c
3 changed files with 3 additions and 8 deletions


@ -7,8 +7,6 @@ import lila.api.Context
import lila.app.ui.ScalatagsTemplate._
import lila.common.{ AssetVersion, ContentSecurityPolicy, Nonce }
import scala.util.Random
trait AssetHelper { self: I18nHelper with SecurityHelper =>
def isProd: Boolean
@ -135,8 +133,7 @@ trait AssetHelper { self: I18nHelper with SecurityHelper =>
workerSrc = List("'self'", assets),
imgSrc = List("data:", "*"),
scriptSrc = List("'self'", assets),
baseUri = List("'none'"),
reportTo = if (Random.nextInt(1000) == 0) List("default") else Nil
baseUri = List("'none'")
)
}
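Review bot: The policy literal that now ends at `baseUri = List("'none'")` gives no hint that violation reporting was removed on purpose, and the same holds for the `report-to` removals in the API-reference meta tag and in `ContentSecurityPolicy`. Unless a `report-uri` directive exists outside the visible hunks, blocked loads will now surface only in the visitor's browser, so a policy regression or an injection attempt stopped by the CSP leaves no server-side trace. I would add a comment above the closing parenthesis such as `// no report-to/report-uri: CSP violations are enforced but not collected server-side`. It is also worth checking whether a `Report-To` response header for the `default` group is still sent elsewhere, since it would now be unused. The enclosing method starts outside the hunk.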


@ -27,7 +27,7 @@ object bits {
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src https://fonts.googleapis.com 'unsafe-inline'; font-src https://fonts.gstatic.com; script-src 'unsafe-eval' https://cdn.jsdelivr.net blob:; child-src blob:; connect-src https://raw.githubusercontent.com; img-src data: https://lichess.org https://lichess1.org; report-to default;">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src https://fonts.googleapis.com 'unsafe-inline'; font-src https://fonts.gstatic.com; script-src 'unsafe-eval' https://cdn.jsdelivr.net blob:; child-src blob:; connect-src https://raw.githubusercontent.com; img-src data: https://lichess.org https://lichess1.org;">
<title>Lichess.org API reference</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700" rel="stylesheet">
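Review bot: The `script-src` in the remaining meta policy still allows `'unsafe-eval'` together with the whole `https://cdn.jsdelivr.net` host and `blob:`, and with `report-to` dropped nothing reports an unexpected script load on this page. That CDN serves arbitrary third-party packages, so the host-wide source is broader than what the page presumably needs; narrowing it to the path of the bundle actually loaded (CSP host sources accept a path) would tighten it. If `'unsafe-eval'` is required by the documentation renderer, a short Scala comment above the template saying so would help the next reviewer. The template string starts and ends outside the hunk.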


@ -9,8 +9,7 @@ case class ContentSecurityPolicy(
workerSrc: List[String],
imgSrc: List[String],
scriptSrc: List[String],
baseUri: List[String],
reportTo: List[String]
baseUri: List[String]
) {
def withNonce(nonce: Nonce) = copy(scriptSrc = nonce.scriptSrc :: scriptSrc)
@ -81,7 +80,6 @@ case class ContentSecurityPolicy(
"img-src " -> imgSrc,
"script-src " -> scriptSrc,
"base-uri " -> baseUri,
"report-to " -> reportTo
) collect {
case (directive, sources) if sources.nonEmpty =>
sources.mkString(directive, " ", ";")