colin
/
resume
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disable CSP injection logic in update-csp-hashes.sh (no-op)
ci/woodpecker/push/woodpecker Pipeline was successful Details

This commit is contained in:
Leopere 2025-08-07 17:28:21 -04:00
parent d785776966
commit 8909ece16c
1 changed files with 1 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
docker/resume/update-csp-hashes.sh
View File

@ -158,83 +158,7 @@ if [ -f "$TEMP_INLINE_HASHES_FILE" ]; then
fi fi
# Combine all hashes for CSP # Combine all hashes for CSP
echo "Updating Caddyfile CSP headers..." echo "Skipping CSP header updates (disabled)"
SCRIPT_HASHES_STR=$(printf " %s" "${SCRIPT_HASHES[@]}")
STYLE_HASHES_STR=$(printf " %s" "${STYLE_HASHES[@]}")
# Create the CSP string
CSP_STRING="default-src 'none'; script-src 'self' https://metrics.nixc.us 'sha256-aSi4/F2xxTg7cs3QbVq7ncUMa1ivQeVC8umnPRDtFyM='$SCRIPT_HASHES_STR; style-src 'self'$STYLE_HASHES_STR; img-src 'self' https://metrics.nixc.us data:; font-src 'self' data:; connect-src 'self' https://metrics.nixc.us; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
# Check if Caddyfile exists before attempting to modify it
if [ -f "$CADDYFILE" ]; then
# Create a temporary file for the Caddyfile update
tmp_file=$(mktemp)
# Update CSP in Caddyfile using awk for more reliable text processing
awk -v csp_string="$CSP_STRING" '
{
if ($0 ~ /Content-Security-Policy/) {
gsub(/Content-Security-Policy "[^"]*"/, "Content-Security-Policy \"" csp_string "\"");
}
print;
}' "$CADDYFILE" > "$tmp_file"
# Replace original Caddyfile with modified content
mv "$tmp_file" "$CADDYFILE"
else
echo "Warning: Caddyfile not found at $CADDYFILE"
fi
# Also update Caddyfile.local if it exists
if [ -f "$BASE_DIR/Caddyfile.local" ]; then
echo "Updating Caddyfile.local CSP headers..."
tmp_file=$(mktemp)
awk -v csp_string="$CSP_STRING" '
{
if ($0 ~ /Content-Security-Policy/) {
gsub(/Content-Security-Policy "[^"]*"/, "Content-Security-Policy \"" csp_string "\"");
}
print;
}' "$BASE_DIR/Caddyfile.local" > "$tmp_file"
# Replace original Caddyfile.local with modified content
mv "$tmp_file" "$BASE_DIR/Caddyfile.local"
fi
# Add CSP meta tags to HTML files
echo "Adding CSP meta tags to HTML files..."
for html_file in $(find "$BASE_DIR" -name "*.html" -type f); do
echo "Adding CSP meta tag to $html_file"
# Create a temporary file for the replacement
tmp_file=$(mktemp)
# Check if the file already has a CSP meta tag
if grep -q '<meta http-equiv="Content-Security-Policy"' "$html_file"; then
# Update existing CSP meta tag
awk -v csp_string="$CSP_STRING" '
{
if ($0 ~ /<meta http-equiv="Content-Security-Policy"/) {
gsub(/<meta http-equiv="Content-Security-Policy" content="[^"]*"/, "<meta http-equiv=\"Content-Security-Policy\" content=\"" csp_string "\"");
}
print;
}' "$html_file" > "$tmp_file"
else
# Add CSP meta tag after the last meta tag
awk -v csp_string="$CSP_STRING" '
{
print;
if ($0 ~ /<\/head>/ && !added_csp) {
print " <meta http-equiv=\"Content-Security-Policy\" content=\"" csp_string "\">";
added_csp = 1;
}
}' "$html_file" > "$tmp_file"
fi
# Replace original file with modified content
mv "$tmp_file" "$html_file"
done
echo "CSP hashes updated successfully!" echo "CSP hashes updated successfully!"
echo "To apply changes, restart the server using: ./caddy.sh" echo "To apply changes, restart the server using: ./caddy.sh"