Skip to content

Commit 158e2d0

Browse files
alex-crabnebulaalex-crabnebula
committed
Build csp headers dynamically
1 parent 28de776 commit 158e2d0

2 files changed

Lines changed: 24 additions & 4 deletions

File tree

clients/web/csp.js

Lines changed: 23 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,14 @@ import {
66
WASM_UNSAFE_EVAL,
77
UNSAFE_EVAL,
88
} from "csp-header";
9+
import { env, argv } from "node:process";
10+
import { readFile, writeFile } from "node:fs/promises";
911

1012
export function generateCSP(isDev = false) {
13+
const FATHOM_HOST = env.VITE_FATHOM_URL
14+
? new URL(env.VITE_FATHOM_URL).host
15+
: undefined;
16+
1117
return getCSP({
1218
reportUri: isDev
1319
? ""
@@ -16,14 +22,27 @@ export function generateCSP(isDev = false) {
1622
"default-src": [SELF],
1723
"frame-src": [SELF],
1824
"script-src": isDev
19-
? [SELF, UNSAFE_EVAL, process.env.VITE_FATHOM_URL]
20-
: [SELF, WASM_UNSAFE_EVAL, process.env.VITE_FATHOM_URL],
25+
? [SELF, UNSAFE_EVAL, FATHOM_HOST].filter(Boolean)
26+
: [SELF, WASM_UNSAFE_EVAL, FATHOM_HOST].filter(Boolean),
2127
"style-src": [SELF, UNSAFE_INLINE],
2228
"connect-src": [SELF, "127.0.0.1", "127.0.0.1:*", "ws://localhost:5173/"],
23-
"img-src": [SELF, process.env.VITE_FATHOM_URL],
29+
"img-src": [SELF, FATHOM_HOST].filter(Boolean),
2430
"object-src": [NONE],
2531
},
2632
});
2733
}
2834

29-
console.log(generateCSP());
35+
if (argv.includes("-i")) {
36+
readFile("./netlify.toml", "utf-8").then((toml) =>
37+
writeFile(
38+
"./netlify.toml",
39+
toml.replace(
40+
/Content-Security-Policy-Report-Only=[^\n]+/,
41+
`Content-Security-Policy-Report-Only="${generateCSP()}"`,
42+
),
43+
"utf-8",
44+
).then(() => console.log("Updated CSP headers in netlify.toml")),
45+
);
46+
} else {
47+
console.log(generateCSP());
48+
}

clients/web/package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
"scripts": {
1010
"proto": "protoc --ts_out src/lib/proto --proto_path ../../crates/wire/proto ../../crates/wire/proto/common.proto ../../crates/wire/proto/instrument.proto ../../crates/wire/proto/logs.proto ../../crates/wire/proto/spans.proto ../../crates/wire/proto/tauri.proto ../../crates/wire/proto/sources.proto ../../crates/wire/proto/meta.proto ../../crates/wire/proto/health.proto",
1111
"dev": "pnpm proto --experimental_allow_proto3_optional && vite",
12+
"build:csp": "node csp.js -i",
1213
"build": "pnpm proto && vite build",
1314
"preview": "pnpm proto && vite preview",
1415
"format": "prettier --write --cache .",

0 commit comments

Comments
 (0)