github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-14 20:40:17 -05:00
Code Issues Projects Releases Packages Wiki Activity

Add report-to CSP directive (#20567)

Browse source 
GitOrigin-RevId: 28ba23aee10deec14de5c520cb277fa10bee118c
This commit is contained in:
Alf Eaton 2024-10-02 10:30:47 +01:00 committed by Copybot
parent 24c8629cd4
commit 868fc93012
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
services/web/app/src/infrastructure/CSP.js
View file

@ -16,6 +16,9 @@ module.exports = function ({
return function (req, res, next) {
// set the default policy
res.set(header, defaultPolicy)
if (reportUri) {
res.set('Reporting-Endpoints', `csp-endpoint="${reportUri}"`)
}
const originalRender = res.render
@ -25,6 +28,7 @@ module.exports = function ({
if (exclude.includes(view)) {
// remove the default policy
res.removeHeader(header)
res.removeHeader('Reporting-Endpoints')
} else {
// set the view policy
res.locals.cspEnabled = true
@ -58,7 +62,7 @@ const buildDefaultPolicy = (reportUri, styleSrc) => {
if (reportUri) {
directives.push(`report-uri ${reportUri}`)
// NOTE: implement report-to once it's more widely supported
directives.push(`report-to csp-endpoint`)
}
if (styleSrc) {
@ -81,7 +85,7 @@ const buildViewPolicy = (scriptNonce, reportPercentage, reportUri) => {
if (belowReportCutoff) {
directives.push(`report-uri ${reportUri}`)
// NOTE: implement report-to once it's more widely supported
directives.push(`report-to csp-endpoint`)
}
}