From 986c5d74a1f1bd91e292682a8ba4da66be42241b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Wed, 24 Apr 2024 13:24:45 +0200 Subject: [PATCH 1/5] Change: Allow to load fonts from the local server Extend the content-security-policy to allow to load fronts from the local server. The styling of GSA might contain new fonts that can't be loaded otherwise. --- src/gsad.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/gsad.c b/src/gsad.c index 83e286854..2ef955c7a 100644 --- a/src/gsad.c +++ b/src/gsad.c @@ -167,6 +167,7 @@ "form-action 'self'; " \ "style-src-elem 'self' 'unsafe-inline'; " \ "style-src 'self' 'unsafe-inline'; " \ + "font-src 'self';" \ "img-src 'self' blob:;" /** From 39bdd1e9172aa36f072f05f13946aefb77cd106d Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Wed, 24 Apr 2024 16:22:37 +0200 Subject: [PATCH 2/5] Change: Update directory name for assets url handler After switching to Vite as a build tool for GSA, all assets are placed by default in assets directory without creating subfolders for each type. --- src/gsad_http_handler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/gsad_http_handler.c b/src/gsad_http_handler.c index 4e35e6629..bab0debf1 100644 --- a/src/gsad_http_handler.c +++ b/src/gsad_http_handler.c @@ -769,7 +769,7 @@ make_url_handlers () url_handler_add_func (url_handlers, "^/robots\\.txt$", handle_static_file); url_handler_add_func (url_handlers, "^/config\\.*js$", handle_static_config); - url_handler_add_func (url_handlers, "^/static/(img|js|css|media)/.+$", + url_handler_add_func (url_handlers, "^/assets/.+$", handle_static_file); url_handler_add_func (url_handlers, "^/manual/.+$", handle_static_file); From c84a9774f661fc710950e9a2896f609d1d1ea276 Mon Sep 17 00:00:00 2001 From: Ahmed Abdelsalam Date: Wed, 24 Apr 2024 16:41:20 +0200 Subject: [PATCH 3/5] Fix code formatting --- src/gsad_http_handler.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/gsad_http_handler.c b/src/gsad_http_handler.c index bab0debf1..098d75b23 100644 --- a/src/gsad_http_handler.c +++ b/src/gsad_http_handler.c @@ -769,8 +769,7 @@ make_url_handlers () url_handler_add_func (url_handlers, "^/robots\\.txt$", handle_static_file); url_handler_add_func (url_handlers, "^/config\\.*js$", handle_static_config); - url_handler_add_func (url_handlers, "^/assets/.+$", - handle_static_file); + url_handler_add_func (url_handlers, "^/assets/.+$", handle_static_file); url_handler_add_func (url_handlers, "^/manual/.+$", handle_static_file); // Create /gmp handler. From f88fe83f04eddc1fcdaf9ca1895f342bc6270c5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 25 Apr 2024 08:11:59 +0200 Subject: [PATCH 4/5] Support "old" static files directory Allow to use the gsad with old GSA versions and the in development one. --- src/gsad_http_handler.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/gsad_http_handler.c b/src/gsad_http_handler.c index 098d75b23..1d0347a74 100644 --- a/src/gsad_http_handler.c +++ b/src/gsad_http_handler.c @@ -770,6 +770,8 @@ make_url_handlers () url_handler_add_func (url_handlers, "^/config\\.*js$", handle_static_config); url_handler_add_func (url_handlers, "^/assets/.+$", handle_static_file); + url_handler_add_func (url_handlers, "^/static/(img|js|css|media)/.+$", + handle_static_file); url_handler_add_func (url_handlers, "^/manual/.+$", handle_static_file); // Create /gmp handler. From 3df34c8c4bf4f952fdbcd654a75c4cb28ac60b55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Ricks?= Date: Thu, 25 Apr 2024 11:07:22 +0200 Subject: [PATCH 5/5] Change: Adjust content security policy to allow inline javascript Inline javascript is used by the build tool to detect older versions of browsers. Without adjusting the content security policy we aren't able to support older browsers. --- src/gsad.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/gsad.c b/src/gsad.c index 2ef955c7a..3ee667877 100644 --- a/src/gsad.c +++ b/src/gsad.c @@ -163,6 +163,7 @@ "base-uri 'none'; " \ "connect-src 'self'; " \ "script-src 'self'; " \ + "script-src-elem 'self' 'unsafe-inline';" \ "frame-ancestors 'none'; " \ "form-action 'self'; " \ "style-src-elem 'self' 'unsafe-inline'; " \