@elliemae/pui-cli 8.41.1 → 8.41.3
- package/dist/cjs/server/csp.js +4 -2
- package/dist/cjs/webpack/webpack.dev.babel.js +1 -1
- package/dist/cjs/webpack/webpack.prod.babel.js +1 -1
- package/dist/esm/server/csp.js +4 -2
- package/dist/esm/webpack/webpack.dev.babel.js +1 -1
- package/dist/esm/webpack/webpack.prod.babel.js +1 -1
- package/dist/types/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
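--- a/package/dist/cjs/server/csp.js
+++ b/package/dist/cjs/server/csp.js
@@ -66,18 +66,20 @@ const sendFileWithCSPNonce = ({
 };
 const getScriptSrc = () => {
 const source = (req, res) => `'nonce-${res.locals.cspNonce}'`;
-const scriptSrc = [source, "strict-dynamic"];
+const scriptSrc = [source, "'strict-dynamic'"];
 return true ? scriptSrc.concat(["'unsafe-eval'"]) : scriptSrc;
 };
 const csp = (app) => {
 app.use((req, res, next) => {
-res.locals.cspNonce = import_crypto.default.randomBytes(32).toString("
+res.locals.cspNonce = import_crypto.default.randomBytes(32).toString("base64");
 next();
 });
 app.use(
 (0, import_helmet.default)({
 contentSecurityPolicy: {
+useDefaults: false,
 directives: {
+defaultSrc: import_helmet.default.contentSecurityPolicy.dangerouslyDisableDefaultSrc,
 baseUri: ["'none'"],
 frameAncestors: sources,
 objectSrc: ["'none'"],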
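Review bot: `defaultSrc: ...dangerouslyDisableDefaultSrc` together with `useDefaults: false` leaves the policy with no `default-src` fallback, so any fetch directive not listed explicitly in `directives` (for example `connect-src`, `img-src`, `style-src`) is unrestricted; of the directives visible in this hunk only `base-uri`, `frame-ancestors` and `object-src` are set. If that is deliberate, a comment next to the line should say why, otherwise a restrictive fallback such as `defaultSrc: ["'self'"]` keeps unlisted resource types covered. Separately, the unchanged `return true ? scriptSrc.concat(["'unsafe-eval'"]) : scriptSrc;` (apparently a folded build-time flag) adds `'unsafe-eval'` unconditionally in this build output, which weakens the nonce plus `'strict-dynamic'` policy that the quoting fix now makes effective. The `directives` object continues past the end of the hunk, and the same lines appear in package/dist/esm/server/csp.js.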
@@ -100,7 +100,7 @@ const devConfig = {
|
|
|
100
100
|
// Add development plugins
|
|
101
101
|
plugins: [
|
|
102
102
|
new import_html_webpack_plugin.default({
|
|
103
|
-
inject: !(0, import_helpers.isAppLoaderEnabled)(),
|
|
103
|
+
inject: !(0, import_helpers.isAppLoaderEnabled)() && process.env.CSP !== "true",
|
|
104
104
|
// Inject all files that are generated by webpack, e.g. bundle.js
|
|
105
105
|
template: !(0, import_helpers.isAppLoaderEnabled)() ? "app/index.html" : "app/index-app-loader.html",
|
|
106
106
|
emui: {
|
|
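Review bot: `process.env.CSP !== "true"` is an exact string comparison evaluated at build time, so a value such as `CSP=1` or `CSP=TRUE` leaves `inject` enabled; the injected script tags would then presumably carry no nonce and be refused by the nonce-based `script-src` set in server/csp.js. Normalise the flag in one place and reuse it, and document the coupling on the line, e.g. `// CSP=true: template supplies its own nonce-tagged script tags, so automatic injection is off` (wording to be confirmed against the template, which is not visible here). The existing comment on the next line, "Inject all files that are generated by webpack", no longer describes the conditional behaviour. The same expression is added in the webpack.prod.babel.js hunk and in both esm copies; the plugin options object starts and ends outside the hunk.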
@@ -115,7 +115,7 @@ const {
|
|
|
115
115
|
basePath
|
|
116
116
|
} = (0, import_helpers.getPaths)();
|
|
117
117
|
const htmlWebpackPlugin = new import_html_webpack_plugin.default({
|
|
118
|
-
inject: !(0, import_helpers.isAppLoaderEnabled)(),
|
|
118
|
+
inject: !(0, import_helpers.isAppLoaderEnabled)() && process.env.CSP !== "true",
|
|
119
119
|
template: !(0, import_helpers.isAppLoaderEnabled)() ? "app/index.html" : "app/index-app-loader.html",
|
|
120
120
|
minify: {
|
|
121
121
|
removeComments: true,
|
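--- a/package/dist/esm/server/csp.js
+++ b/package/dist/esm/server/csp.js
@@ -32,18 +32,20 @@ const sendFileWithCSPNonce = ({
 };
 const getScriptSrc = () => {
 const source = (req, res) => `'nonce-${res.locals.cspNonce}'`;
-const scriptSrc = [source, "strict-dynamic"];
+const scriptSrc = [source, "'strict-dynamic'"];
 return true ? scriptSrc.concat(["'unsafe-eval'"]) : scriptSrc;
 };
 const csp = (app) => {
 app.use((req, res, next) => {
-res.locals.cspNonce = crypto.randomBytes(32).toString("
+res.locals.cspNonce = crypto.randomBytes(32).toString("base64");
 next();
 });
 app.use(
 helmet({
 contentSecurityPolicy: {
+useDefaults: false,
 directives: {
+defaultSrc: helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc,
 baseUri: ["'none'"],
 frameAncestors: sources,
 objectSrc: ["'none'"],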
@@ -70,7 +70,7 @@ const devConfig = {
|
|
|
70
70
|
// Add development plugins
|
|
71
71
|
plugins: [
|
|
72
72
|
new HtmlWebpackPlugin({
|
|
73
|
-
inject: !isAppLoaderEnabled(),
|
|
73
|
+
inject: !isAppLoaderEnabled() && process.env.CSP !== "true",
|
|
74
74
|
// Inject all files that are generated by webpack, e.g. bundle.js
|
|
75
75
|
template: !isAppLoaderEnabled() ? "app/index.html" : "app/index-app-loader.html",
|
|
76
76
|
emui: {
|
|
@@ -87,7 +87,7 @@ const {
|
|
|
87
87
|
basePath
|
|
88
88
|
} = getPaths();
|
|
89
89
|
const htmlWebpackPlugin = new HtmlWebpackPlugin({
|
|
90
|
-
inject: !isAppLoaderEnabled(),
|
|
90
|
+
inject: !isAppLoaderEnabled() && process.env.CSP !== "true",
|
|
91
91
|
template: !isAppLoaderEnabled() ? "app/index.html" : "app/index-app-loader.html",
|
|
92
92
|
minify: {
|
|
93
93
|
removeComments: true,
|