Improve security by hosting all resources locally and using system fonts

This commit is contained in:
colin 2025-07-03 14:18:16 -04:00
parent 6a2dd63ad3
commit f25ca7ffe0
5 changed files with 135 additions and 71 deletions


@ -41,21 +41,13 @@ APP_DOMAIN = os.environ.get('APP_DOMAIN', '')
APP_ENV = os.environ.get('APP_ENV', 'development') APP_ENV = os.environ.get('APP_ENV', 'development')
# Configure security headers with Talisman # Configure security headers with Talisman
# Base CSP settings # Base CSP settings - much more restrictive now that we use local resources
csp = { csp = {
'default-src': ["'self'"], 'default-src': ["'self'"],
'script-src': [ 'script-src': ["'self'"],
"'self'", 'style-src': ["'self'"],
"'unsafe-inline'", 'img-src': ["'self'", "data:"],
"https://cdn.jsdelivr.net/", 'font-src': ["'self'"],
],
'style-src': [
"'self'",
"'unsafe-inline'",
"https://cdn.jsdelivr.net/",
],
'img-src': ["'self'", "data:", "https:"],
'font-src': ["'self'", "data:", "https://cdn.jsdelivr.net/"],
'connect-src': "'self'", 'connect-src': "'self'",
'object-src': "'none'", 'object-src': "'none'",
'frame-ancestors': "'none'", 'frame-ancestors': "'none'",
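Review bot: The tightened policy leaves `base-uri` and `form-action` unset, and neither directive falls back to `default-src`, so an injected `<base href>` or a form submitting to another origin is not restricted by this CSP even though every fetch directive is now pinned to 'self'; adding `'base-uri': "'self'",` and `'form-action': "'self'",` beside `'frame-ancestors'` closes that at no cost for a same-origin app. Dropping `'unsafe-inline'` from `script-src` and `style-src` means any inline `style=` or `on*=` attribute still present in the templates is blocked only in the visitor's browser console rather than failing at deploy time; if the pinned Talisman version supports `content_security_policy_report_only`, staging this change in report-only mode would surface such violations before enforcement. Stylistically, `connect-src`, `object-src` and `frame-ancestors` remain bare strings while the new directives are single-element lists; Talisman accepts both forms, but one form throughout would read better. The `csp` dict continues past the end of the hunk, so directives after `frame-ancestors` were not reviewed.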

File diff suppressed because one or more lines are too long


@ -0,0 +1,114 @@
/* Custom styles for Ploughshares application */
/* System font stack */
body {
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
padding-top: 20px;
padding-bottom: 20px;
}
/* Header styles */
.header {
border-bottom: 1px solid #e5e5e5;
margin-bottom: 30px;
}
.header h3 {
margin-top: 0;
margin-bottom: 0;
line-height: 40px;
}
/* Footer styles */
.footer {
padding-top: 19px;
color: #777;
border-top: 1px solid #e5e5e5;
margin-top: 30px;
}
/* Form styles */
.form-group {
margin-bottom: 15px;
}
/* Card styles */
.document-card {
margin-bottom: 15px;
}
/* Logo styles */
.logo {
max-height: 40px;
margin-right: 10px;
}
.navbar-brand {
display: flex;
align-items: center;
}
/* Currency styles */
.currency-value {
font-weight: 600;
color: #28a745;
}
.amount-cell {
text-align: right;
}
td.amount-cell {
text-align: right;
}
/* Version display */
.version {
font-size: 0.8em;
color: #999;
}
/* Navigation styles */
.navbar-nav {
gap: 1rem;
}
.nav-item {
margin: 0 0.5rem;
}
/* Button icons using Unicode symbols */
.btn-add::before {
content: " ";
}
.btn-edit::before {
content: "✏️ ";
}
.btn-delete::before {
content: "🗑️ ";
}
.btn-view::before {
content: "👁️ ";
}
/* Navbar toggle button */
.navbar-toggler-icon {
background-image: none;
position: relative;
}
.navbar-toggler-icon::before {
content: "☰";
font-size: 1.5rem;
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
display: flex;
align-items: center;
justify-content: center;
}
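Review bot: `.btn-add::before` sets `content: " "` while its three siblings carry a visible symbol, so the add button either renders with no icon or the intended glyph was lost between the author's editor and this page; worth checking the file as committed. The emoji glyphs depend on whatever colour-emoji font the visitor's platform provides — the system stack on `body` and the accompanying `font-src 'self'` offer no fallback — so on hosts without one these buttons show a missing-glyph box, and a plain text label alongside the pseudo-element keeps them usable either way. `.amount-cell` and `td.amount-cell` both declare `text-align: right`, so the second rule only adds specificity and can be dropped unless a later rule needs overriding.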

File diff suppressed because one or more lines are too long


@ -5,63 +5,8 @@
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>{% block title %}Project Ploughshares - Transaction Management System{% endblock %}</title> <title>{% block title %}Project Ploughshares - Transaction Management System{% endblock %}</title>
<link rel="icon" type="image/x-icon" href="{{ url_for('static', filename='favicon.ico') }}"> <link rel="icon" type="image/x-icon" href="{{ url_for('static', filename='favicon.ico') }}">
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet"> <link rel="stylesheet" href="{{ url_for('static', filename='css/bootstrap.min.css') }}">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.0/font/bootstrap-icons.css"> <link rel="stylesheet" href="{{ url_for('static', filename='css/custom.css') }}">
<style>
body {
padding-top: 20px;
padding-bottom: 20px;
}
.header {
border-bottom: 1px solid #e5e5e5;
margin-bottom: 30px;
}
.header h3 {
margin-top: 0;
margin-bottom: 0;
line-height: 40px;
}
.footer {
padding-top: 19px;
color: #777;
border-top: 1px solid #e5e5e5;
margin-top: 30px;
}
.form-group {
margin-bottom: 15px;
}
.document-card {
margin-bottom: 15px;
}
.logo {
max-height: 40px;
margin-right: 10px;
}
.navbar-brand {
display: flex;
align-items: center;
}
.currency-value {
font-weight: 600;
color: #28a745;
}
.amount-cell {
text-align: right;
}
td:has(.currency-value) {
text-align: right;
}
.version {
font-size: 0.8em;
color: #999;
}
.navbar-nav {
gap: 1rem;
}
.nav-item {
margin: 0 0.5rem;
}
</style>
</head> </head>
<body> <body>
<div class="container"> <div class="container">
@ -110,7 +55,7 @@
</footer> </footer>
</div> </div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script> <script src="{{ url_for('static', filename='js/bootstrap.bundle.min.js') }}"></script>
{% block scripts %}{% endblock %} {% block scripts %}{% endblock %}
</body> </body>
</html> </html>
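Review bot: The removed inline stylesheet right-aligned currency cells with `td:has(.currency-value)`, but the replacement rule in the new custom stylesheet is `td.amount-cell`, which matches nothing unless the cells wrapping `.currency-value` also carry the `amount-cell` class; the templates that render those cells are outside this hunk, so verify them or the alignment silently regresses. The local `bootstrap.min.css` and `bootstrap.bundle.min.js` copies are now part of this repository's supply chain instead of a pinned CDN URL, and a short comment next to the `<link>`/`<script>` tags naming the Bootstrap version they were taken from (the old tags pinned 5.3.0) keeps that traceable for future updates. Dropping the `bootstrap-icons` stylesheet is only safe if no template still uses `bi-*` classes, which cannot be confirmed from this hunk.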