Bastian-Greshake-Tzovaras/MapComplete
1
0
Fork 0
forked from MapComplete/MapComplete
Code Pull requests Activity

Chore: move csp-report-header to caddyfile

Browse source
This commit is contained in:
Pieter Vander Vennet 2025-03-01 02:43:57 +01:00
parent 904c4573aa
commit 8d798e3b7a
2 changed files with 33 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Docs/ServerConfig/hetzner/Caddyfile
View file

@ -3,6 +3,7 @@ builds.mapcomplete.org {
file_server browse file_server browse
header { header {
+Permissions-Policy "interest-cohort=()" +Permissions-Policy "interest-cohort=()"
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
} }
} }
@ -12,6 +13,7 @@ mapcomplete.org, www.mapcomplete.org {
file_server file_server
header { header {
+Permissions-Policy "interest-cohort=()" +Permissions-Policy "interest-cohort=()"
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
} }
handle_errors { handle_errors {
@404 { @404 {
@ -28,6 +30,7 @@ dev.mapcomplete.org {
file_server file_server
header { header {
+Permissions-Policy "interest-cohort=()" +Permissions-Policy "interest-cohort=()"
header Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
} }
handle_errors { handle_errors {
@404 { @404 {
@ -43,6 +46,7 @@ single.mapcomplete.org {
file_server browse file_server browse
header { header {
+Permissions-Policy "interest-cohort=()" +Permissions-Policy "interest-cohort=()"
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
} }
} }
@ -59,6 +63,7 @@ velopark.mapcomplete.org {
file_server file_server
header { header {
+Permissions-Policy "interest-cohort=()" +Permissions-Policy "interest-cohort=()"
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
} }
} }
@ -86,6 +91,9 @@ report.mapcomplete.org {
studio.mapcomplete.org { studio.mapcomplete.org {
reverse_proxy http://127.0.0.1:1235 reverse_proxy http://127.0.0.1:1235
header {
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
}
} }
lod.mapcomplete.org { lod.mapcomplete.org {

51
scripts/generateLayouts.ts
View file

@ -107,9 +107,9 @@ class GenerateLayouts extends Script {
if (!layout.icon.endsWith(".svg")) { if (!layout.icon.endsWith(".svg")) {
console.warn( console.warn(
"Not creating a social image for " + "Not creating a social image for " +
layout.id + layout.id +
" as it is _not_ a .svg: " + " as it is _not_ a .svg: " +
layout.icon layout.icon
) )
return undefined return undefined
} }
@ -142,9 +142,9 @@ class GenerateLayouts extends Script {
id: "icon", id: "icon",
transform: `translate(${cx - r},${cy - r}) scale(${ transform: `translate(${cx - r},${cy - r}) scale(${
(r * 2) / Number(width) (r * 2) / Number(width)
}) `, }) `
}, },
g: [svg], g: [svg]
} }
}, },
(mightBeTokenToReplace) => { (mightBeTokenToReplace) => {
@ -205,19 +205,19 @@ class GenerateLayouts extends Script {
icons.push({ icons.push({
src: name, src: name,
sizes: size + "x" + size, sizes: size + "x" + size,
type: "image/png", type: "image/png"
}) })
} }
icons.push({ icons.push({
src: path, src: path,
sizes: "513x513", sizes: "513x513",
type: "image/svg", type: "image/svg"
}) })
} else if (icon.endsWith(".png")) { } else if (icon.endsWith(".png")) {
icons.push({ icons.push({
src: icon, src: icon,
sizes: "513x513", sizes: "513x513",
type: "image/png", type: "image/png"
}) })
} else { } else {
console.log(icon) console.log(icon)
@ -236,11 +236,11 @@ class GenerateLayouts extends Script {
description: ogDescr, description: ogDescr,
orientation: "portrait-primary, landscape-primary", orientation: "portrait-primary, landscape-primary",
icons: icons, icons: icons,
categories: ["map", "navigation"], categories: ["map", "navigation"]
} }
return { return {
manifest, manifest,
whiteIcons, whiteIcons
} }
} }
@ -251,7 +251,7 @@ class GenerateLayouts extends Script {
if (lang === "_context") { if (lang === "_context") {
continue continue
} }
let display = ' style="display: none"' let display = " style=\"display: none\""
if (!defaultSet) { if (!defaultSet) {
display = "" display = ""
defaultSet = true defaultSet = true
@ -272,7 +272,7 @@ class GenerateLayouts extends Script {
...eli.features, ...eli.features,
bing, bing,
...eli_global.map((properties) => ({ properties })), ...eli_global.map((properties) => ({ properties })),
...layers_global.layers.map((properties) => ({ properties })), ...layers_global.layers.map((properties) => ({ properties }))
] ]
for (const feature of rasterLayers) { for (const feature of rasterLayers) {
const f = <RasterLayerPolygon>feature const f = <RasterLayerPolygon>feature
@ -293,7 +293,7 @@ class GenerateLayouts extends Script {
url = url.substring("pmtiles://".length) url = url.substring("pmtiles://".length)
} }
const styleSpec = await Utils.downloadJsonCached(url, 1000 * 120, { const styleSpec = await Utils.downloadJsonCached(url, 1000 * 120, {
Origin: "https://mapcomplete.org", Origin: "https://mapcomplete.org"
}) })
urls.push(...(f.properties["connect-src"] ?? [])) urls.push(...(f.properties["connect-src"] ?? []))
for (const key of Object.keys(styleSpec?.["sources"] ?? {})) { for (const key of Object.keys(styleSpec?.["sources"] ?? {})) {
@ -309,7 +309,7 @@ class GenerateLayouts extends Script {
urls.push(url) urls.push(url)
if (urlClipped.endsWith(".json")) { if (urlClipped.endsWith(".json")) {
const tileInfo = await Utils.downloadJsonCached(url, 1000 * 120, { const tileInfo = await Utils.downloadJsonCached(url, 1000 * 120, {
Origin: "https://mapcomplete.org", Origin: "https://mapcomplete.org"
}) })
urls.push(tileInfo["tiles"] ?? []) urls.push(tileInfo["tiles"] ?? [])
} }
@ -338,7 +338,7 @@ class GenerateLayouts extends Script {
"https://api.panoramax.xyz", "https://api.panoramax.xyz",
"https://panoramax.mapcomplete.org", "https://panoramax.mapcomplete.org",
"https://data.velopark.be", "https://data.velopark.be",
"https://data.mapcomplete.org", "https://data.mapcomplete.org"
].concat(...(await this.eliUrls())) ].concat(...(await this.eliUrls()))
SpecialVisualizations.specialVisualizations.forEach((sv) => { SpecialVisualizations.specialVisualizations.forEach((sv) => {
@ -427,23 +427,22 @@ class GenerateLayouts extends Script {
"default-src": "'self'", "default-src": "'self'",
"child-src": "'self' blob: ", "child-src": "'self' blob: ",
"img-src": "* data:", // maplibre depends on 'data:' to load "img-src": "* data:", // maplibre depends on 'data:' to load
"connect-src": "'self' " + connectSrc.join(" "),
"report-to": "https://report.mapcomplete.org/csp", "report-to": "https://report.mapcomplete.org/csp",
"worker-src": "'self' blob:", // Vite somehow loads the worker via a 'blob' "worker-src": "'self' blob:", // Vite somehow loads the worker via a 'blob'
"style-src": "'self' 'unsafe-inline'", // unsafe-inline is needed to change the default background pin colours "style-src": "'self' 'unsafe-inline'", // unsafe-inline is needed to change the default background pin colours
"script-src": [ "script-src": [
"'self'", "'self'",
"https://gc.zgo.at/count.js", "https://gc.zgo.at/count.js",
...(options?.scriptSrcs?.map((s) => "'" + s + "'") ?? []), ...(options?.scriptSrcs?.map((s) => "'" + s + "'") ?? [])
].join(" "), ].join(" "),
"connect-src": "'self' " + connectSrc.join(" ")
} }
const content = Object.keys(csp) const content = Object.keys(csp)
.map((k) => k + " " + csp[k]) .map((k) => k + " " + csp[k])
.join(" ; ") .join(" ; ")
return [ return [
`<meta http-equiv ="Report-To" content='{"group":"csp-endpoint", "max_age": 86400,"endpoints": [\{"url": "https://report.mapcomplete.org/csp"}], "include_subdomains": true}'>`, `<meta http-equiv="Content-Security-Policy" content="${content}">`
`<meta http-equiv="Content-Security-Policy" content="${content}">`,
].join("\n") ].join("\n")
} }
@ -455,12 +454,12 @@ class GenerateLayouts extends Script {
) { ) {
Locale.language.setData(layout.language[0]) Locale.language.setData(layout.language[0])
const targetLanguage = layout.language[0] const targetLanguage = layout.language[0]
const ogTitle = Translations.T(layout.title).textFor(targetLanguage).replace(/"/g, '\\"') const ogTitle = Translations.T(layout.title).textFor(targetLanguage).replace(/"/g, "\\\"")
const ogDescr = Translations.T( const ogDescr = Translations.T(
layout.shortDescription ?? "Easily add and edit geodata with OpenStreetMap" layout.shortDescription ?? "Easily add and edit geodata with OpenStreetMap"
) )
.textFor(targetLanguage) .textFor(targetLanguage)
.replace(/"/g, '\\"') .replace(/"/g, "\\\"")
let ogImage = layout.socialImage let ogImage = layout.socialImage
let twitterImage = ogImage let twitterImage = ogImage
if (ogImage === ThemeConfig.defaultSocialImage && layout.official) { if (ogImage === ThemeConfig.defaultSocialImage && layout.official) {
@ -531,7 +530,7 @@ class GenerateLayouts extends Script {
og, og,
customCss, customCss,
`<link rel="icon" href="${icon}" sizes="any" type="image/svg+xml">`, `<link rel="icon" href="${icon}" sizes="any" type="image/svg+xml">`,
...apple_icons, ...apple_icons
].join("\n") ].join("\n")
let branchname = await this.getBranchName() let branchname = await this.getBranchName()
@ -554,7 +553,7 @@ class GenerateLayouts extends Script {
.replace( .replace(
/<!-- CSP -->/, /<!-- CSP -->/,
await this.generateCsp(layout, layoutJson, { await this.generateCsp(layout, layoutJson, {
scriptSrcs: [this.removeOtherLanguagesHash], scriptSrcs: [this.removeOtherLanguagesHash]
}) })
) )
.replace( .replace(
@ -585,7 +584,7 @@ class GenerateLayouts extends Script {
const imports = [ const imports = [
`import theme from "./public/assets/generated/themes/${theme.id}.json"`, `import theme from "./public/assets/generated/themes/${theme.id}.json"`,
`import { ThemeMetaTagging } from "./src/assets/generated/metatagging/${theme.id}"`, `import { ThemeMetaTagging } from "./src/assets/generated/metatagging/${theme.id}"`
] ]
for (const layerName of Constants.added_by_default) { for (const layerName of Constants.added_by_default) {
imports.push( imports.push(
@ -632,7 +631,7 @@ class GenerateLayouts extends Script {
"account", "account",
"openstreetmap", "openstreetmap",
"custom", "custom",
"theme", "theme"
] ]
const args = process.argv const args = process.argv
const theme = args[2] const theme = args[2]
@ -683,7 +682,7 @@ class GenerateLayouts extends Script {
startLon: 0, startLon: 0,
startZoom: 0, startZoom: 0,
title: { en: "MapComplete" }, title: { en: "MapComplete" },
description: { en: "A thematic map viewer and editor based on OpenStreetMap" }, description: { en: "A thematic map viewer and editor based on OpenStreetMap" }
}), }),
alreadyWritten alreadyWritten
) )