midgard/MapComplete
1
0
Fork 0
forked from MapComplete/MapComplete
Code Pull requests Activity

Chore: move csp-report-header to caddyfile

Browse source
This commit is contained in:
Pieter Vander Vennet 2025-03-01 02:43:57 +01:00
parent 904c4573aa
commit 8d798e3b7a
2 changed files with 33 additions and 26 deletions
Docs/ServerConfig/hetzner
Caddyfile
scripts
generateLayouts.ts

8
Docs/ServerConfig/hetzner/Caddyfile
View file

@ -3,6 +3,7 @@ builds.mapcomplete.org {
file_server browse
header {
+Permissions-Policy "interest-cohort=()"
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
}
}
@ -12,6 +13,7 @@ mapcomplete.org, www.mapcomplete.org {
file_server
header {
+Permissions-Policy "interest-cohort=()"
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
}
handle_errors {
@404 {
@ -28,6 +30,7 @@ dev.mapcomplete.org {
file_server
header {
+Permissions-Policy "interest-cohort=()"
header Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
}
handle_errors {
@404 {
@ -43,6 +46,7 @@ single.mapcomplete.org {
file_server browse
header {
+Permissions-Policy "interest-cohort=()"
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
}
}
@ -59,6 +63,7 @@ velopark.mapcomplete.org {
file_server
header {
+Permissions-Policy "interest-cohort=()"
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
}
}
@ -86,6 +91,9 @@ report.mapcomplete.org {
studio.mapcomplete.org {
reverse_proxy http://127.0.0.1:1235
header {
Report-To "{\"group\":\"csp-endpoint\", \"max_age\":86400, \"endpoints\":[{\"url\":\"https://report.mapcomplete.org/csp\"}], \"include_subdomains\":true}"
}
}
lod.mapcomplete.org {

51
scripts/generateLayouts.ts
View file

@ -107,9 +107,9 @@ class GenerateLayouts extends Script {
if (!layout.icon.endsWith(".svg")) {
console.warn(
"Not creating a social image for " +
layout.id +
" as it is _not_ a .svg: " +
layout.icon
layout.id +
" as it is _not_ a .svg: " +
layout.icon
)
return undefined
}
@ -142,9 +142,9 @@ class GenerateLayouts extends Script {
id: "icon",
transform: `translate(${cx - r},${cy - r}) scale(${
(r * 2) / Number(width)
}) `,
}) `
},
g: [svg],
g: [svg]
}
},
(mightBeTokenToReplace) => {
@ -205,19 +205,19 @@ class GenerateLayouts extends Script {
icons.push({
src: name,
sizes: size + "x" + size,
type: "image/png",
type: "image/png"
})
}
icons.push({
src: path,
sizes: "513x513",
type: "image/svg",
type: "image/svg"
})
} else if (icon.endsWith(".png")) {
icons.push({
src: icon,
sizes: "513x513",
type: "image/png",
type: "image/png"
})
} else {
console.log(icon)
@ -236,11 +236,11 @@ class GenerateLayouts extends Script {
description: ogDescr,
orientation: "portrait-primary, landscape-primary",
icons: icons,
categories: ["map", "navigation"],
categories: ["map", "navigation"]
}
return {
manifest,
whiteIcons,
whiteIcons
}
}
@ -251,7 +251,7 @@ class GenerateLayouts extends Script {
if (lang === "_context") {
continue
}
let display = ' style="display: none"'
let display = " style=\"display: none\""
if (!defaultSet) {
display = ""
defaultSet = true
@ -272,7 +272,7 @@ class GenerateLayouts extends Script {
...eli.features,
bing,
...eli_global.map((properties) => ({ properties })),
...layers_global.layers.map((properties) => ({ properties })),
...layers_global.layers.map((properties) => ({ properties }))
]
for (const feature of rasterLayers) {
const f = <RasterLayerPolygon>feature
@ -293,7 +293,7 @@ class GenerateLayouts extends Script {
url = url.substring("pmtiles://".length)
}
const styleSpec = await Utils.downloadJsonCached(url, 1000 * 120, {
Origin: "https://mapcomplete.org",
Origin: "https://mapcomplete.org"
})
urls.push(...(f.properties["connect-src"] ?? []))
for (const key of Object.keys(styleSpec?.["sources"] ?? {})) {
@ -309,7 +309,7 @@ class GenerateLayouts extends Script {
urls.push(url)
if (urlClipped.endsWith(".json")) {
const tileInfo = await Utils.downloadJsonCached(url, 1000 * 120, {
Origin: "https://mapcomplete.org",
Origin: "https://mapcomplete.org"
})
urls.push(tileInfo["tiles"] ?? [])
}
@ -338,7 +338,7 @@ class GenerateLayouts extends Script {
"https://api.panoramax.xyz",
"https://panoramax.mapcomplete.org",
"https://data.velopark.be",
"https://data.mapcomplete.org",
"https://data.mapcomplete.org"
].concat(...(await this.eliUrls()))
SpecialVisualizations.specialVisualizations.forEach((sv) => {
@ -427,23 +427,22 @@ class GenerateLayouts extends Script {
"default-src": "'self'",
"child-src": "'self' blob: ",
"img-src": "* data:", // maplibre depends on 'data:' to load
"connect-src": "'self' " + connectSrc.join(" "),
"report-to": "https://report.mapcomplete.org/csp",
"worker-src": "'self' blob:", // Vite somehow loads the worker via a 'blob'
"style-src": "'self' 'unsafe-inline'", // unsafe-inline is needed to change the default background pin colours
"script-src": [
"'self'",
"https://gc.zgo.at/count.js",
...(options?.scriptSrcs?.map((s) => "'" + s + "'") ?? []),
...(options?.scriptSrcs?.map((s) => "'" + s + "'") ?? [])
].join(" "),
"connect-src": "'self' " + connectSrc.join(" ")
}
const content = Object.keys(csp)
.map((k) => k + " " + csp[k])
.join(" ; ")
return [
`<meta http-equiv ="Report-To" content='{"group":"csp-endpoint", "max_age": 86400,"endpoints": [\{"url": "https://report.mapcomplete.org/csp"}], "include_subdomains": true}'>`,
`<meta http-equiv="Content-Security-Policy" content="${content}">`,
`<meta http-equiv="Content-Security-Policy" content="${content}">`
].join("\n")
}
@ -455,12 +454,12 @@ class GenerateLayouts extends Script {
) {
Locale.language.setData(layout.language[0])
const targetLanguage = layout.language[0]
const ogTitle = Translations.T(layout.title).textFor(targetLanguage).replace(/"/g, '\\"')
const ogTitle = Translations.T(layout.title).textFor(targetLanguage).replace(/"/g, "\\\"")
const ogDescr = Translations.T(
layout.shortDescription ?? "Easily add and edit geodata with OpenStreetMap"
)
.textFor(targetLanguage)
.replace(/"/g, '\\"')
.replace(/"/g, "\\\"")
let ogImage = layout.socialImage
let twitterImage = ogImage
if (ogImage === ThemeConfig.defaultSocialImage && layout.official) {
@ -531,7 +530,7 @@ class GenerateLayouts extends Script {
og,
customCss,
`<link rel="icon" href="${icon}" sizes="any" type="image/svg+xml">`,
...apple_icons,
...apple_icons
].join("\n")
let branchname = await this.getBranchName()
@ -554,7 +553,7 @@ class GenerateLayouts extends Script {
.replace(
/<!-- CSP -->/,
await this.generateCsp(layout, layoutJson, {
scriptSrcs: [this.removeOtherLanguagesHash],
scriptSrcs: [this.removeOtherLanguagesHash]
})
)
.replace(
@ -585,7 +584,7 @@ class GenerateLayouts extends Script {
const imports = [
`import theme from "./public/assets/generated/themes/${theme.id}.json"`,
`import { ThemeMetaTagging } from "./src/assets/generated/metatagging/${theme.id}"`,
`import { ThemeMetaTagging } from "./src/assets/generated/metatagging/${theme.id}"`
]
for (const layerName of Constants.added_by_default) {
imports.push(
@ -632,7 +631,7 @@ class GenerateLayouts extends Script {
"account",
"openstreetmap",
"custom",
"theme",
"theme"
]
const args = process.argv
const theme = args[2]
@ -683,7 +682,7 @@ class GenerateLayouts extends Script {
startLon: 0,
startZoom: 0,
title: { en: "MapComplete" },
description: { en: "A thematic map viewer and editor based on OpenStreetMap" },
description: { en: "A thematic map viewer and editor based on OpenStreetMap" }
}),
alreadyWritten
)