---
description:
globs: *.js,*.css
alwaysApply: false
---
# Asset Hashing and CSP Update Rule
This rule ensures that all `.js` and `.css` assets are properly hashed and their integrity hashes are updated in `index.html` and added to the Content Security Policy (CSP) in the `Caddyfile` during every build and push process.
## Process to Follow
1. **Hash Calculation**: Before building the Docker image, calculate the SHA256 hash for each `.js` and `.css` file in the `docker/resume/` directory using a command like `shasum -a 256 filename | awk '{print $1}' | xxd -r -p | base64`.
2. **Update index.html**: Update the `integrity` attribute in the `<script>` and `<link>` tags in `index.html` with the new hashes for each respective file.
3. **Update CSP in Caddyfile**: Ensure the CSP in the `Caddyfile` includes the hashes for all scripts and styles under `script-src` and `style-src` directives respectively.
4. **Automate in Build Script**: Modify the `build-test-deploy.sh` script to automate the hashing and updating process before the Docker build step.
5. **Verification**: After updating, verify that the hashes in `index.html` and `Caddyfile` match the calculated hashes to prevent deployment with mismatched integrity.
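One way to implement the hash calculation and the verification step, as an added example (not the project's `build-test-deploy.sh`). The function names and the `verify-hashes.sh` file name are hypothetical, and it assumes one `integrity` value per tag and a CSP written as a single semicolon-separated header value in the `Caddyfile`:

```shell
#!/bin/sh
# Added example: check SRI and CSP hashes before the Docker build (step 5).
# Assumes one integrity value per tag and the CSP written as a single
# semicolon-separated header value in the Caddyfile.

# Hex string -> raw bytes; a POSIX stand-in for `xxd -r -p`.
hex_to_bin() {
  h=$1
  while [ -n "$h" ]; do
    rest=${h#??}; byte=${h%"$rest"}
    printf "\\$(printf '%03o' "$((0x$byte))")"
    h=$rest
  done
}

# Print "sha256-<base64 digest>", the form shared by SRI and CSP.
sri_hash() {
  if command -v sha256sum >/dev/null 2>&1; then hex=$(sha256sum "$1")
  else hex=$(shasum -a 256 "$1"); fi
  printf 'sha256-%s\n' "$(hex_to_bin "${hex%% *}" | base64)"
}

# check_asset <file> <index.html> <Caddyfile>
# .js hashes must sit under script-src, .css hashes under style-src.
check_asset() {
  want=$(sri_hash "$1")
  case $1 in *.js) csp=script-src ;; *.css) csp=style-src ;; *) return 2 ;; esac
  grep -qF -- "integrity=\"$want\"" "$2" ||
    { echo "index.html: no integrity=\"$want\" for $1" >&2; return 1; }
  tr ';' '\n' < "$3" | grep -F -- "$csp" | grep -qF -- "'$want'" ||
    { echo "Caddyfile: $want missing from $csp for $1" >&2; return 1; }
}

# verify_assets <asset dir> <index.html> <Caddyfile>; non-zero on any mismatch.
verify_assets() {
  rc=0
  for f in "$1"/*.js "$1"/*.css; do
    [ -f "$f" ] || continue
    check_asset "$f" "$2" "$3" || rc=1
  done
  return "$rc"
}

# Run as: sh verify-hashes.sh docker/resume docker/resume/index.html docker/resume/Caddyfile
if [ "$#" -eq 3 ]; then verify_assets "$@"; fi
```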
## Relevant Files
- [docker/resume/index.html](mdc:docker/resume/index.html)
- [docker/resume/Caddyfile](mdc:docker/resume/Caddyfile)
- [build-test-deploy.sh](mdc:build-test-deploy.sh)
This rule must be followed to maintain security integrity and prevent CSP violations during deployment.