mirror of
https://github.com/elyby/accounts-frontend.git
synced 2024-11-12 19:25:54 +05:30
Добавлены заголовки безопасности
This commit is contained in:
parent
a071789e52
commit
bf354a0a3d
@ -70,6 +70,7 @@
|
||||
"babel-runtime": "^6.0.0",
|
||||
"bundle-loader": "^0.5.4",
|
||||
"check-node-version": "^2.1.0",
|
||||
"csp-webpack-plugin": "^1.0.2",
|
||||
"css-loader": "^0.28.0",
|
||||
"enzyme": "^2.2.0",
|
||||
"eslint": "^4.0.0",
|
||||
|
@ -6,6 +6,9 @@
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="msapplication-tap-highlight" content="no">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">
|
||||
<% if (htmlWebpackPlugin.options.isCspEnabled) { %>
|
||||
<meta http-equiv="Content-Security-Policy" content="%%CSP_CONTENT%%">
|
||||
<% } %>
|
||||
|
||||
<% if (htmlWebpackPlugin.files.favicon) { %>
|
||||
<link rel="shortcut icon" href="<%= htmlWebpackPlugin.files.favicon %>">
|
||||
|
@ -11,6 +11,7 @@ const HtmlWebpackPlugin = require('html-webpack-plugin');
|
||||
const cssUrl = require('webpack-utils/cssUrl');
|
||||
const cssImport = require('postcss-import');
|
||||
const SitemapPlugin = require('sitemap-webpack-plugin').default;
|
||||
const CSPPlugin = require('csp-webpack-plugin');
|
||||
const localeFlags = require('./src/components/i18n/localeFlags').default;
|
||||
|
||||
const SUPPORTED_LANGUAGES = Object.keys(require('./src/i18n/index.json'));
|
||||
@ -46,6 +47,7 @@ const isTest = process.argv.some((arg) => arg.indexOf('karma') !== -1);
|
||||
const isDockerized = !!process.env.DOCKERIZED;
|
||||
const isCI = !!process.env.CI;
|
||||
const isSilent = isCI || process.argv.some((arg) => /quiet/.test(arg));
|
||||
const isCspEnabled = false;
|
||||
|
||||
process.env.NODE_ENV = isProduction ? 'production' : 'development';
|
||||
if (isTest) {
|
||||
@ -107,7 +109,7 @@ const webpackConfig = {
|
||||
'react/addons': true
|
||||
} : {},
|
||||
|
||||
devtool: 'cheap-module-eval-source-map',
|
||||
devtool: 'cheap-module-source-map',
|
||||
|
||||
plugins: [
|
||||
new webpack.DefinePlugin({
|
||||
@ -131,7 +133,8 @@ const webpackConfig = {
|
||||
inject: false,
|
||||
minify: {
|
||||
collapseWhitespace: isProduction
|
||||
}
|
||||
},
|
||||
isCspEnabled,
|
||||
}),
|
||||
new SitemapPlugin('https://account.ely.by', [
|
||||
'/',
|
||||
@ -314,6 +317,25 @@ if (!isProduction && !isTest) {
|
||||
}
|
||||
}
|
||||
|
||||
if (isCspEnabled) {
|
||||
webpackConfig.plugins.push(new CSPPlugin({
|
||||
'default-src': '\'none\'',
|
||||
'style-src': ['\'self\'', '\'unsafe-inline\''],
|
||||
'script-src': [
|
||||
'\'self\'',
|
||||
'\'unsafe-inline\'',
|
||||
'https://www.google-analytics.com',
|
||||
'https://www.google.com/recaptcha/',
|
||||
'https://www.gstatic.com/recaptcha/',
|
||||
],
|
||||
'img-src': ['\'self\'', 'data:', 'www.google-analytics.com'],
|
||||
'font-src': ['\'self\'', 'data:'],
|
||||
'connect-src': isProduction ? ['\'self\''] : ['\'self\'', 'ws://localhost:8080'],
|
||||
'frame-src': ['https://www.google.com/recaptcha/'],
|
||||
'report-uri': 'https://sentry.ely.by/api/2/csp-report/?sentry_key=088e7718236a4f91937a81fb319a93f6',
|
||||
}));
|
||||
}
|
||||
|
||||
if (isDockerized) {
|
||||
webpackConfig.watchOptions = {
|
||||
poll: 2000
|
||||
|
@ -1482,7 +1482,7 @@ check-node-version@^2.1.0:
|
||||
run-parallel "^1.1.4"
|
||||
semver "^5.0.3"
|
||||
|
||||
cheerio@^0.22.0:
|
||||
cheerio@0.22.0, cheerio@^0.22.0:
|
||||
version "0.22.0"
|
||||
resolved "https://registry.yarnpkg.com/cheerio/-/cheerio-0.22.0.tgz#a9baa860a3f9b595a6b81b1a86873121ed3a269e"
|
||||
dependencies:
|
||||
@ -1861,6 +1861,13 @@ crypto-browserify@3.3.0:
|
||||
ripemd160 "0.2.0"
|
||||
sha.js "2.2.6"
|
||||
|
||||
csp-webpack-plugin@^1.0.2:
|
||||
version "1.0.2"
|
||||
resolved "https://registry.yarnpkg.com/csp-webpack-plugin/-/csp-webpack-plugin-1.0.2.tgz#171cb7af8061ac5c339d0368d6de7596dc218cfb"
|
||||
dependencies:
|
||||
cheerio "0.22.0"
|
||||
lodash "^4.17.4"
|
||||
|
||||
css-color-names@0.0.4:
|
||||
version "0.0.4"
|
||||
resolved "https://registry.yarnpkg.com/css-color-names/-/css-color-names-0.0.4.tgz#808adc2e79cf84738069b646cb20ec27beb629e0"
|
||||
|
Loading…
Reference in New Issue
Block a user