agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-05-23 17:19:37 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
224edddad435d6bd2163fabd34eb023d8316ec60
overleaf-cep/services/web/webpack.config.dev.js
Jakob Ackermann 224edddad4 [web] set a default, strict CSP on ALL endpoints (#6271) 
* Remove use of CSP_PERCENTAGE

* Move header calculation earlier

* Set a default policy and add comments

* Apply the CSP header to all responses

* Enable CSP in dev environment

* [web] set a default, strict CSP on ALL endpoints

* [misc] enable CSP in dev-env

* Only build the default policy once

* Update docker-compose.yml

* [web] webpack: set default CSP header on webpack assets

This aligns the webpack dev-server with production in nocdn=true mode.

Co-authored-by: Alf Eaton <alf.eaton@overleaf.com>
GitOrigin-RevId: 088a6082ad21c5b3f229887ba0ab3eca8d0528cd
2022-03-18 09:03:01 +00:00

52 lines
1.5 KiB
JavaScript
Raw Blame History

const webpack = require('webpack')
const merge = require('webpack-merge')
const MiniCssExtractPlugin = require('mini-css-extract-plugin')
const base = require('./webpack.config')
const { buildDefaultPolicy } = require('./app/src/infrastructure/CSP')
module.exports = merge(base, {
mode: 'development',
// Enable accurate source maps for dev
devtool: 'source-map',
plugins: [
// Extract CSS to a separate file (rather than inlining to a <style> tag)
new MiniCssExtractPlugin({
// Output to public/stylesheets directory
filename: 'stylesheets/[name].css',
}),
// Disable React DevTools if DISABLE_REACT_DEVTOOLS is set to "true"
process.env.DISABLE_REACT_DEVTOOLS === 'true' &&
new webpack.DefinePlugin({
__REACT_DEVTOOLS_GLOBAL_HOOK__: '({ isDisabled: true })',
}),
].filter(Boolean),
devServer: {
// Expose dev server at www.dev-overleaf.com
host: '0.0.0.0',
port: 3808,
public: 'www.dev-overleaf.com:443',
headers: {
'Content-Security-Policy': buildDefaultPolicy(),
},
// Customise output to the (node) console
stats: {
colors: true, // Enable some coloured highlighting
// Hide some overly verbose output
performance: false, // Disable as code is uncompressed in dev mode
hash: false,
version: false,
chunks: false,
modules: false,
// Hide copied assets from output
excludeAssets: [/^js\/ace/, /^js\/libs/, /^js\/cmaps/],
},
},
})
Reference in New Issue View Git Blame Copy Permalink