Add report-to CSP directive (#20567)

GitOrigin-RevId: 28ba23aee10deec14de5c520cb277fa10bee118c
Alf Eaton
2024-10-02 10:30:47 +01:00
committed by Copybot
parent 24c8629cd4
commit 868fc93012
+6 -2
@@ -16,6 +16,9 @@ module.exports = function ({
return function (req, res, next) {
// set the default policy
res.set(header, defaultPolicy)
if (reportUri) {
res.set('Reporting-Endpoints', `csp-endpoint="${reportUri}"`)
}
const originalRender = res.render
@@ -25,6 +28,7 @@ module.exports = function ({
if (exclude.includes(view)) {
// remove the default policy
res.removeHeader(header)
res.removeHeader('Reporting-Endpoints')
} else {
// set the view policy
res.locals.cspEnabled = true
@@ -58,7 +62,7 @@ const buildDefaultPolicy = (reportUri, styleSrc) => {
if (reportUri) {
directives.push(`report-uri ${reportUri}`)
// NOTE: implement report-to once it's more widely supported
directives.push(`report-to csp-endpoint`)
}
if (styleSrc) {
@@ -81,7 +85,7 @@ const buildViewPolicy = (scriptNonce, reportPercentage, reportUri) => {
if (belowReportCutoff) {
directives.push(`report-uri ${reportUri}`)
// NOTE: implement report-to once it's more widely supported
directives.push(`report-to csp-endpoint`)
}
}
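Review bot: The `Reporting-Endpoints` value set in the first hunk interpolates `reportUri` directly into a quoted structured-field string, so a configured value containing `"` or `\` would produce a malformed header that browsers drop, silently disabling reporting. A short comment above that `res.set` call would record the constraint, e.g. `// reportUri is embedded in a structured-field string: it must not contain '"' or '\'`, or the value could be validated once when the middleware is created. Browsers that honour `report-to` ignore `report-uri` and send batched `application/reports+json` payloads instead of `application/csp-report`, so the collector behind `reportUri` has to accept both formats. That handler is not visible on this page, so this should be confirmed. The middleware function and both policy builders continue outside the hunks shown.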