[web] Minor cleanup (#4280)

2024-12-02 13:27:40 +05:30
parent bccb162f08 e664b7ac30
commit 2fc5594e8d
5 changed files with 4 additions and 46 deletions
--- a/web/apps/auth/public/_headers
+++ b/web/apps/auth/public/_headers
@@ -1,9 +1,9 @@
 /*
    Cache-Control: no-store, must-revalidate
-    Strict-Transport-Security:  max-age=63072000
+    Strict-Transport-Security: max-age=63072000
    X-Content-Type-Options: nosniff
    X-Download-Options: noopen
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
-    Content-Security-Policy-Report-Only: default-src 'self'; img-src 'self' blob: data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' https://assets.ente.io 'unsafe-eval' blob:; manifest-src 'self'; child-src 'self' blob:; object-src 'none'; connect-src 'self' https://*.ente.io data: blob: https://ente-prod-eu.s3.eu-central-003.backblazeb2.com https://ente-prod-v3.s3.eu-central-2.wasabisys.com/ ; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; report-uri https://csp-reporter.ente.io; report-to https://csp-reporter.ente.io;
+    Content-Security-Policy-Report-Only: default-src 'self'; img-src 'self' blob: data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' 'unsafe-eval' blob:; manifest-src 'self'; child-src 'self' blob:; object-src 'none'; connect-src 'self' https://*.ente.io data: blob:; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; report-uri https://csp-reporter.ente.io; report-to https://csp-reporter.ente.io;

--- a/web/apps/photos/public/_headers
+++ b/web/apps/photos/public/_headers
@@ -1,9 +1,9 @@
 /*
    Cache-Control: no-store, must-revalidate
-    Strict-Transport-Security:  max-age=63072000
+    Strict-Transport-Security: max-age=63072000
    X-Content-Type-Options: nosniff
    X-Download-Options: noopen
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
-    Content-Security-Policy-Report-Only: default-src 'self'; img-src 'self' blob: data:; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' https://assets.ente.io 'unsafe-eval' blob:; manifest-src 'self'; child-src 'self' blob:; object-src 'none'; connect-src 'self' https://*.ente.io data: blob: https://ente-prod-eu.s3.eu-central-003.backblazeb2.com https://ente-prod-v3.s3.eu-central-2.wasabisys.com/ ; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; report-uri https://csp-reporter.ente.io; report-to https://csp-reporter.ente.io;
+    Content-Security-Policy-Report-Only: default-src 'self'; img-src 'self' blob: data: https://*.openstreetmap.org"; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self' https://assets.ente.io 'unsafe-eval' blob:; manifest-src 'self'; child-src 'self' blob:; object-src 'none'; connect-src 'self' https://*.ente.io data: blob: https://ente-prod-eu.s3.eu-central-003.backblazeb2.com https://ente-prod-v3.s3.eu-central-2.wasabisys.com; base-uri 'self'; frame-ancestors 'none'; form-action 'none'; report-uri https://csp-reporter.ente.io; report-to https://csp-reporter.ente.io;

--- a/web/packages/shared/components/MessageContainer.tsx
+++ b/web/packages/shared/components/MessageContainer.tsx
--- a/web/packages/shared/next/utils/headers.js
+++ b/web/packages/shared/next/utils/headers.js
@@ -1,42 +0,0 @@
-module.exports = {
-    WEB_SECURITY_HEADERS: {
-        "Strict-Transport-Security": "  max-age=63072000",
-        "X-Content-Type-Options": "nosniff",
-        "X-Download-Options": "noopen",
-        "X-Frame-Options": "deny",
-        "X-XSS-Protection": "1; mode=block",
-        "Referrer-Policy": "same-origin",
-    },
-
-    CSP_DIRECTIVES: {
-        // self is safe enough
-        "default-src": "'self'",
-        // data to allow two factor qr code
-        "img-src": "'self' blob: data: https://*.openstreetmap.org",
-        "media-src": "'self' blob:",
-        "manifest-src": "'self'",
-        "style-src": "'self' 'unsafe-inline'",
-        "font-src ": "'self'; script-src 'self' 'unsafe-eval' blob:",
-        "connect-src":
-            "'self' https://*.ente.io http://localhost:8080 data: blob: https://ente-prod-eu.s3.eu-central-003.backblazeb2.com https://ente-prod-v3.s3.eu-central-2.wasabisys.com/ https://ente-staging-eu.s3.eu-central-003.backblazeb2.com/ ws://localhost:3000/",
-        "base-uri ": "'self'",
-        // to allow worker
-        "child-src": "'self' blob:",
-        "object-src": "'none'",
-        "frame-ancestors": " 'none'",
-        "form-action": "'none'",
-        "report-uri": " https://csp-reporter.ente.io/local",
-        "report-to": " https://csp-reporter.ente.io/local",
-    },
-
-    ALL_ROUTES: "/(.*)",
-
-    buildCSPHeader: (directives) => ({
-        "Content-Security-Policy-Report-Only": Object.entries(
-            directives,
-        ).reduce((acc, [key, value]) => acc + `${key} ${value};`, ""),
-    }),
-
-    convertToNextHeaderFormat: (headers) =>
-        Object.entries(headers).map(([key, value]) => ({ key, value })),
-};
--- a/web/packages/shared/utils/index.ts
+++ b/web/packages/shared/utils/index.ts