Disable CSP injection logic in update-csp-hashes.sh (no-op)
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/push/woodpecker Pipeline was successful
Details
This commit is contained in:
parent
d785776966
commit
8909ece16c
|
|
@ -158,83 +158,7 @@ if [ -f "$TEMP_INLINE_HASHES_FILE" ]; then
|
|||
fi
|
||||
|
||||
# Combine all hashes for CSP
|
||||
echo "Updating Caddyfile CSP headers..."
|
||||
SCRIPT_HASHES_STR=$(printf " %s" "${SCRIPT_HASHES[@]}")
|
||||
STYLE_HASHES_STR=$(printf " %s" "${STYLE_HASHES[@]}")
|
||||
|
||||
# Create the CSP string
|
||||
CSP_STRING="default-src 'none'; script-src 'self' https://metrics.nixc.us 'sha256-aSi4/F2xxTg7cs3QbVq7ncUMa1ivQeVC8umnPRDtFyM='$SCRIPT_HASHES_STR; style-src 'self'$STYLE_HASHES_STR; img-src 'self' https://metrics.nixc.us data:; font-src 'self' data:; connect-src 'self' https://metrics.nixc.us; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';"
|
||||
|
||||
# Check if Caddyfile exists before attempting to modify it
|
||||
if [ -f "$CADDYFILE" ]; then
|
||||
# Create a temporary file for the Caddyfile update
|
||||
tmp_file=$(mktemp)
|
||||
|
||||
# Update CSP in Caddyfile using awk for more reliable text processing
|
||||
awk -v csp_string="$CSP_STRING" '
|
||||
{
|
||||
if ($0 ~ /Content-Security-Policy/) {
|
||||
gsub(/Content-Security-Policy "[^"]*"/, "Content-Security-Policy \"" csp_string "\"");
|
||||
}
|
||||
print;
|
||||
}' "$CADDYFILE" > "$tmp_file"
|
||||
|
||||
# Replace original Caddyfile with modified content
|
||||
mv "$tmp_file" "$CADDYFILE"
|
||||
else
|
||||
echo "Warning: Caddyfile not found at $CADDYFILE"
|
||||
fi
|
||||
|
||||
# Also update Caddyfile.local if it exists
|
||||
if [ -f "$BASE_DIR/Caddyfile.local" ]; then
|
||||
echo "Updating Caddyfile.local CSP headers..."
|
||||
tmp_file=$(mktemp)
|
||||
|
||||
awk -v csp_string="$CSP_STRING" '
|
||||
{
|
||||
if ($0 ~ /Content-Security-Policy/) {
|
||||
gsub(/Content-Security-Policy "[^"]*"/, "Content-Security-Policy \"" csp_string "\"");
|
||||
}
|
||||
print;
|
||||
}' "$BASE_DIR/Caddyfile.local" > "$tmp_file"
|
||||
|
||||
# Replace original Caddyfile.local with modified content
|
||||
mv "$tmp_file" "$BASE_DIR/Caddyfile.local"
|
||||
fi
|
||||
|
||||
# Add CSP meta tags to HTML files
|
||||
echo "Adding CSP meta tags to HTML files..."
|
||||
for html_file in $(find "$BASE_DIR" -name "*.html" -type f); do
|
||||
echo "Adding CSP meta tag to $html_file"
|
||||
|
||||
# Create a temporary file for the replacement
|
||||
tmp_file=$(mktemp)
|
||||
|
||||
# Check if the file already has a CSP meta tag
|
||||
if grep -q '<meta http-equiv="Content-Security-Policy"' "$html_file"; then
|
||||
# Update existing CSP meta tag
|
||||
awk -v csp_string="$CSP_STRING" '
|
||||
{
|
||||
if ($0 ~ /<meta http-equiv="Content-Security-Policy"/) {
|
||||
gsub(/<meta http-equiv="Content-Security-Policy" content="[^"]*"/, "<meta http-equiv=\"Content-Security-Policy\" content=\"" csp_string "\"");
|
||||
}
|
||||
print;
|
||||
}' "$html_file" > "$tmp_file"
|
||||
else
|
||||
# Add CSP meta tag after the last meta tag
|
||||
awk -v csp_string="$CSP_STRING" '
|
||||
{
|
||||
print;
|
||||
if ($0 ~ /<\/head>/ && !added_csp) {
|
||||
print " <meta http-equiv=\"Content-Security-Policy\" content=\"" csp_string "\">";
|
||||
added_csp = 1;
|
||||
}
|
||||
}' "$html_file" > "$tmp_file"
|
||||
fi
|
||||
|
||||
# Replace original file with modified content
|
||||
mv "$tmp_file" "$html_file"
|
||||
done
|
||||
echo "Skipping CSP header updates (disabled)"
|
||||
|
||||
echo "CSP hashes updated successfully!"
|
||||
echo "To apply changes, restart the server using: ./caddy.sh"
|
||||
Loading…
Reference in New Issue