Merge pull request #3933 from overleaf/ae-csp-report-percentage

Add CSP_REPORT_PERCENTAGE

GitOrigin-RevId: 4afde0da6e3660c83df8c5c9cd31a3f246e9e572
This commit is contained in:
Alf Eaton 2021-04-21 13:48:25 +01:00 committed by Copybot
parent 8b35db3fc1
commit 2621a1d5bb
2 changed files with 6 additions and 1 deletions


@ -3,6 +3,7 @@ const path = require('path')
module.exports = function ({ module.exports = function ({
reportUri, reportUri,
reportPercentage,
reportOnly = false, reportOnly = false,
exclude = [], exclude = [],
percentage percentage
@ -29,7 +30,10 @@ module.exports = function ({
`base-uri 'none'` `base-uri 'none'`
] ]
if (reportUri) { // enable the report URI for a percentage of CSP-enabled requests
const belowReportCutoff = Math.random() * 100 <= reportPercentage
if (reportUri && belowReportCutoff) {
directives.push(`report-uri ${reportUri}`) directives.push(`report-uri ${reportUri}`)
// NOTE: implement report-to once it's more widely supported // NOTE: implement report-to once it's more widely supported
} }
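Review bot: `Math.random() * 100 <= reportPercentage` on the new `belowReportCutoff` line makes a percentage of 0 mean "almost never" rather than "never", since Math.random() can return exactly 0, and a caller that omits `reportPercentage` gets `x <= undefined`, which is always false, so `report-uri` silently disappears for them even though `reportUri` is set. Giving the option a default next to the others, `reportPercentage = 100,` (100 preserves the pre-change behaviour for callers that do not pass it), and using a strict comparison, `const belowReportCutoff = Math.random() * 100 < reportPercentage`, makes 0 a hard off switch. A comment near the check would also help: when `reportOnly` is true and the report-uri is dropped, that response's Report-Only header neither blocks nor reports anything to the server, so sampling removes the only signal that mode produces. Math.random() is acceptable here because this is load-shedding, not a security decision. The enclosing exported function starts outside this hunk.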


@ -736,6 +736,7 @@ module.exports = settings =
percentage: parseFloat(process.env.CSP_PERCENTAGE) || 0 percentage: parseFloat(process.env.CSP_PERCENTAGE) || 0
enabled: process.env.CSP_ENABLED == 'true' enabled: process.env.CSP_ENABLED == 'true'
reportOnly: process.env.CSP_REPORT_ONLY == 'true' reportOnly: process.env.CSP_REPORT_ONLY == 'true'
reportPercentage: parseFloat(process.env.CSP_REPORT_PERCENTAGE) || 0
reportUri: process.env.CSP_REPORT_URI reportUri: process.env.CSP_REPORT_URI
exclude: [ exclude: [
'app/views/project/editor', 'app/views/project/editor',
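Review bot: `parseFloat(process.env.CSP_REPORT_PERCENTAGE) || 0` on the new `reportPercentage` line defaults to 0, so a deployment that already sets `CSP_REPORT_URI` but has not added the new variable stops receiving violation reports with no error or log entry to show why; defaulting to 100 would keep reporting on until the variable is set deliberately. The value is also not clamped, so `150` or `-5` reach the percentage check unchanged. A one-line comment above the setting would document the contract for operators: `# 0-100; share of CSP-enabled responses that carry report-uri (0 disables reporting)`. The enclosing `settings` object starts outside this hunk.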