smeserver/smeserver-manager
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Mon Dec 30 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-33.sme

Browse Source 
- host locally flag-icon.min.css 3.5.0 [SME: 12845]
- remove onclick to comply with strict CSP [SME: 12846]
- add CSP rules with specific hash [SME: 12840]
This commit is contained in:
Jean-Philippe Pialasse
2024-12-31 01:25:04 -05:00
parent b58f82a332
commit 58c3f2348a
17 changed files with 119 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/27SManagerProxyPass
View File

@@ -39,7 +39,13 @@
$OUT .= "# private access by default\n";
$OUT .= " Require ip $localAccess $externalSSLAccess\n";
}
$OUT .= " </Location>\n";
# any smanager script or style added in line should be hashed and added here to run in a modern browser
$OUT .= " Header set Content-Security-Policy \"script-src 'self' 'unsafe-eval' 'unsafe-hashes' "
." 'sha256-X8Qwlk0M9iDTQZqFVpbVcThRjBqQXpwTOZCLX8I+Frk=' 'sha256-inQ04nmqTZI75Z5g/tAzjahedNugPFfrhxHyoFezFkM=' 'sha256-5IsIX+Vbow7wwy2RjR3+5X06R/0CQZPkw3OHj/228cM=' 'sha256-tfVskwioRaNsV75h89itf7FujMgIrodfs1Ea4UAJNpE=' 'sha256-P51OyslUh5bGkoWk9qY+o4Su4HuwNFoQcFCeNxF7Ms8=' ; "
." style-src 'self' 'unsafe-hashes' "
." 'sha256-msdEhWmYTu7vqzGaQHDfvy6lzlDsbKkouwvN2R6Co9E=' 'sha256-a1tyxi1vRpW2Q9+0hM+nBA250/jWJlJdeR43c5r90PI=' 'sha256-iYwYhiMcsGmXCUzLEpEzZNz5dINrlkqf1sLbLhEcqGM=' 'sha256-bOTFT8zacR4Rfja/WIKXgAQQXVaPyG3oBlvAhU4ga8g=' 'sha256-2iGOQeZyvW9G2X+8IhZDG+GPRpXQTxUg/2QxdI+dyEg=' 'sha256-CP93jJ1Y8nMwUoDzFbo1srdgsbADPasAc0Wjig1ahpY=' 'sha256-2iGOQeZyvW9G2X+8IhZDG+GPRpXQTxUg/2QxdI+dyEg=' ;"
." \"\n";
$OUT .= " </Location>\n";
# prevent caching of manager files in browser
$OUT .= " <LocationMatch \"/$place/.+\.(html|cgi)\$\">\n";
$OUT .= " Header set Cache-Control no-store\n";