csp report
This commit is contained in:
parent
fbd2ada1d9
commit
44d8164755
@ -24,10 +24,5 @@ keywords:
|
||||
- dxcluster
|
||||
- spiderweb
|
||||
license: GPL-3.0
|
||||
<<<<<<< HEAD
|
||||
version: v2.4.5.1
|
||||
date-released: 2023-11-12
|
||||
=======
|
||||
version: v2.4.5.1
|
||||
date-released: 2023-11-12
|
||||
>>>>>>> staging
|
||||
date-released: 2023-11-14
|
||||
|
@ -12,7 +12,7 @@ level=INFO
|
||||
handlers=stream_handler,file_handler
|
||||
|
||||
[logger_webapp]
|
||||
level=INFO
|
||||
level=DEBUG
|
||||
handlers=stream_handler,file_handler
|
||||
qualname=webapp
|
||||
propagate=0
|
||||
|
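Review bot: If the rendered order is old-then-new, this hunk moves `[logger_webapp]` from `level=INFO` to `level=DEBUG`, so the logger that the new `/csp-reports` handler below writes client-supplied report bodies to would also emit debug output wherever this file is deployed as-is. The deploy hunk further down relies on `sed -i '13,20s/level=DEBUG/level=INFO/g'` to undo this at release time, which only keeps working while the section stays inside that line range. Consider keeping the committed default at `level=INFO`, or at least marking the intent with a comment above the section such as `; DEBUG is for local development; the -r deploy step resets it to INFO`.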
@ -1,4 +1,9 @@
|
||||
### Change log
|
||||
Date: 14/11/2023
|
||||
Release: v2.4.5.1
|
||||
- security issue #46
|
||||
|
||||
___
|
||||
Date: 12/11/2023
|
||||
Release: v2.4.5.1
|
||||
- managed telnet password
|
||||
|
@ -1,40 +1,28 @@
|
||||
astroid==2.12.14
|
||||
blinker==1.6.2
|
||||
charset-normalizer==2.1.1
|
||||
click==8.1.3
|
||||
dill==0.3.6
|
||||
docopt-ng==0.8.1
|
||||
easywatch==0.0.5
|
||||
Flask==2.3.3
|
||||
Flask-Consent==0.0.3
|
||||
Flask-Minify==0.41
|
||||
Flask-WTF==1.1.1
|
||||
blinker==1.7.0
|
||||
charset-normalizer==3.3.2
|
||||
click==8.1.7
|
||||
Flask==3.0.0
|
||||
Flask-Minify==0.42
|
||||
Flask-WTF==1.2.1
|
||||
htmlmin==0.1.12
|
||||
idna==3.4
|
||||
isort==5.11.4
|
||||
itsdangerous==2.1.2
|
||||
Jinja2==3.1.2
|
||||
jsmin==3.0.1
|
||||
lazy-object-proxy==1.9.0
|
||||
lesscpy==0.15.1
|
||||
markup==0.2
|
||||
MarkupSafe==2.1.1
|
||||
mccabe==0.7.0
|
||||
mysql-connector-python==8.2.0
|
||||
numpy==1.24.1
|
||||
pandas==1.5.2
|
||||
platformdirs==2.6.2
|
||||
MarkupSafe==2.1.3
|
||||
mysql-connector-python>=8.2.0
|
||||
numpy==1.26.1
|
||||
pandas==2.1.3
|
||||
ply==3.11
|
||||
protobuf==4.21.12
|
||||
python-dateutil==2.8.2
|
||||
pytz==2022.7
|
||||
rcssmin==1.1.1
|
||||
pytz==2023.3.post1
|
||||
rcssmin==1.1.2
|
||||
requests==2.31.0
|
||||
six==1.16.0
|
||||
tomlkit==0.11.6
|
||||
tzdata==2023.3
|
||||
urllib3==2.0.7
|
||||
watchdog==3.0.0
|
||||
Werkzeug==2.3.8
|
||||
wrapt==1.14.1
|
||||
WTForms==3.0.1
|
||||
xxhash==3.1.0
|
||||
Werkzeug==3.0.1
|
||||
WTForms==3.1.1
|
||||
xxhash==3.4.1
|
||||
|
@ -131,6 +131,7 @@ if [ "$1" == "-r" ]; then
|
||||
|
||||
echo 'force some requirements...'
|
||||
sed -i 's/mysql-connector-python==8.0.31/mysql-connector-python>=8.0.31/' ../requirements.txt
|
||||
sed -i 's/mysql-connector-python==8.2.0/mysql-connector-python>=8.2.0/' ../requirements.txt
|
||||
|
||||
if ! sed -i '13,20s/level=DEBUG/level=INFO/g' ${app_ini}; then
|
||||
echo 'ERROR settimg loglevel=INFO '
|
||||
|
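Review bot: The pattern on the new sed line, `mysql-connector-python==8.2.0`, matches nothing if the requirements hunk above already carries `mysql-connector-python>=8.2.0` on its new side, and sed exits 0 on a non-matching substitution, so the line becomes a silent no-op that nothing in the script reports. Either drop it or make it version-agnostic, `sed -i -E 's/^(mysql-connector-python)==/\1>=/' ../requirements.txt`, so the loosened pin survives the next version bump. Note that a `>=` pin in requirements.txt lets a deploy pick up any future release of that package, which is a supply-chain trade-off worth a one-line comment in the script. The enclosing `if [ "$1" == "-r" ]` block starts outside the hunk.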
@ -6,11 +6,9 @@ function myCallsignSearch(event) {
|
||||
|
||||
var callsign=document.getElementById('callsignInput').value;
|
||||
|
||||
//construct query parameters
|
||||
//replacing space and tab in callsign and set location href to the specific page
|
||||
if (callsign.replace(/\s/g, '').length > 0) {
|
||||
location.href = ('/callsign.html?c=').concat((callsign.trim()).toUpperCase());
|
||||
//form.action="index.html";
|
||||
}
|
||||
}
|
||||
|
||||
|
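Review bot: `location.href = ('/callsign.html?c=').concat((callsign.trim()).toUpperCase());` puts the raw input into the query string without encoding, so a value containing `#`, `&`, `%` or `+` is truncated or altered before it reaches the `c` parameter; use `location.href = '/callsign.html?c=' + encodeURIComponent(callsign.trim().toUpperCase());` (or `new URL('/callsign.html', location.origin)` with `searchParams.set('c', …)`). The emptiness check strips all whitespace while the navigation only trims the ends, so an inner space passes the check and lands in the URL; computing `const value = callsign.trim().toUpperCase();` once and using it in both places would keep them consistent. `myCallsignSearch` starts outside the hunk.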
@ -4,7 +4,7 @@ const CACHE_NAME = 'pwa-spiderweb_v2.4.5.1'
|
||||
// Dichiarazione della costante per gli URL da mettere in cache
|
||||
const URLS_TO_CACHE = [
|
||||
'/static/images/background.webp',
|
||||
'/static/css/rel/style.min.css',
|
||||
'/static/css/dev/style.css',
|
||||
'/static/images/icons/favicon.ico',
|
||||
'/static/images/icons/icon-144x144.png',
|
||||
'/static/images/icons/icon-152x152.png',
|
||||
@ -18,9 +18,9 @@ const URLS_TO_CACHE = [
|
||||
'/static/images/icons/icon-96x96.png',
|
||||
'/static/images/icons/icon-apple.png',
|
||||
'/static/images/icons/spider_ico_master.svg',
|
||||
'/static/js/rel/callsign_inline.min.js',
|
||||
'/static/js/rel/callsign_search.min.js',
|
||||
'/static/js/rel/common.min.js',
|
||||
'/static/js/dev/callsign_inline.js',
|
||||
'/static/js/dev/callsign_search.js',
|
||||
'/static/js/dev/common.js',
|
||||
'/index.html',
|
||||
'/plots.html',
|
||||
'/privacy.html',
|
||||
|
@ -14,7 +14,7 @@
|
||||
<link rel="icon" href="/static/images/icons/spider_ico_master.svg" type="image/svg+xml">
|
||||
<link rel="apple-touch-icon" href="/static/images/icons/icon-apple.png">
|
||||
<link rel="manifest" href="/static/pwa/manifest.webmanifest">
|
||||
<link rel="stylesheet" href="/static/css/rel/style.min.css">
|
||||
<link rel="stylesheet" href="/static/css/dev/style.css">
|
||||
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css"
|
||||
integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" crossorigin="anonymous">
|
||||
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/6.15.0/css/flag-icons.min.css"
|
||||
@ -94,20 +94,20 @@
|
||||
<span id="version">v2.4.5.1</span>
|
||||
</div>
|
||||
</footer>
|
||||
<script async src="static/js/rel/load-sw.min.js"></script>
|
||||
<script async src="static/js/dev/load-sw.js"></script>
|
||||
<script nonce="{{ inline_script_nonce }}">
|
||||
{% block app_data %}
|
||||
var my_callsign = '{{mycallsign}}';
|
||||
{% endblock app_data %}
|
||||
</script>
|
||||
<script defer src="static/js/rel/common.min.js"></script>
|
||||
<script defer src="static/js/dev/common.js"></script>
|
||||
<script defer src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js"
|
||||
integrity="sha384-kenU1KFdBIe4zVF0s0G1M5b4hcpxyD9F7jL+jjXkk+Q2h455rYXK/7HAuoJl+0I4"
|
||||
crossorigin="anonymous"></script>
|
||||
|
||||
</body>
|
||||
{% block app_scripts %}
|
||||
<script async src="static/js/rel/callsign_search.min.js"></script>
|
||||
<script async src="static/js/dev/callsign_search.js"></script>
|
||||
{% endblock app_scripts %}
|
||||
{% block inline_scripts %}
|
||||
{% endblock inline_scripts %}
|
||||
@ -137,7 +137,7 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<script defer src="static/js/rel/cookie_consent.min.js"></script>
|
||||
<script defer src="static/js/dev/cookie_consent.js"></script>
|
||||
{% endif %}
|
||||
{% endblock cookie %}
|
||||
<!-- Back to top button -->
|
||||
|
@ -16,5 +16,5 @@
|
||||
var callsign = '{{callsign}}';
|
||||
{% endblock app_data %}
|
||||
{% block inline_scripts %}
|
||||
<script defer src="static/js/rel/callsign_inline.min.js"></script>
|
||||
<script defer src="static/js/dev/callsign_inline.js"></script>
|
||||
{% endblock %}
|
@ -311,8 +311,8 @@ var band_frequencies={{bands["bands"]|tojson|safe}};
|
||||
{% endblock app_data %}
|
||||
{% block app_scripts %}
|
||||
{{ super() }}
|
||||
<script defer src="static/js/rel/table.min.js"></script>
|
||||
<script defer src="static/js/dev/table.js"></script>
|
||||
{% endblock %}
|
||||
{% block inline_scripts %}
|
||||
<script defer src="static/js/rel/index_inline.min.js"></script>
|
||||
<script defer src="static/js/dev/index_inline.js"></script>
|
||||
{% endblock %}
|
@ -89,5 +89,5 @@ var band_frequencies={{bands["bands"]|tojson|safe}};
|
||||
<script defer src="https://cdnjs.cloudflare.com/ajax/libs/echarts/5.4.3/echarts.min.js"
|
||||
integrity="sha512-EmNxF3E6bM0Xg1zvmkeYD3HDBeGxtsG92IxFt1myNZhXdCav9MzvuH/zNMBU1DmIPN6njrhX1VTbqdJxQ2wHDg=="
|
||||
crossorigin="anonymous" referrerpolicy="no-referrer"></script>
|
||||
<script defer src="static/js/rel/plot.min.js"></script>
|
||||
<script defer src="static/js/dev/plot.js"></script>
|
||||
{% endblock app_scripts %}
|
14
webapp.py
14
webapp.py
@ -464,6 +464,14 @@ def get_world_dx_spots_live():
|
||||
response = flask.Response(status=204)
|
||||
return response
|
||||
|
||||
@app.route("/csp-reports", methods=['POST'])
|
||||
@csrf.exempt
|
||||
def csp_reports():
|
||||
report_data = request.get_data(as_text=True)
|
||||
logger.warning("CSP Report:")
|
||||
logger.warning(report_data)
|
||||
response=flask.Response(status=204)
|
||||
return response
|
||||
|
||||
@app.context_processor
|
||||
def inject_template_scope():
|
||||
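Review bot: `csp_reports()` reads the entire POST body with `request.get_data(as_text=True)` and writes it verbatim to the log at WARNING level, with no size limit and no parsing, so any client that can reach `/csp-reports` (necessarily `@csrf.exempt`, since browsers send reports without a token) can fill the log with arbitrary text, including newlines that forge extra log records. Cap the body, parse it as JSON — browsers post reports as `application/csp-report`, so `request.get_json(force=True, silent=True)` is needed — and log a single-line serialisation, as sketched below; the size constant is a placeholder to choose per deployment, and `json` must be imported if it is not already (the import block is outside the hunk). Since one page view can emit several reports, sampling or rate-limiting this endpoint is also worth considering.
```python
@app.route("/csp-reports", methods=['POST'])
@csrf.exempt
def csp_reports():
    # Browsers POST violation reports as application/csp-report, so force JSON
    # parsing; reject oversized or unparseable bodies instead of logging them.
    if (request.content_length or 0) > MAX_CSP_REPORT_BYTES:  # placeholder constant, e.g. a few KiB
        return flask.Response(status=413)
    report = request.get_json(force=True, silent=True)
    if not isinstance(report, dict):
        return flask.Response(status=400)
    # One log record per report: a serialised dict cannot inject extra lines.
    logger.warning("CSP Report: %s", json.dumps(report.get("csp-report", report)))
    return flask.Response(status=204)
```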
@ -487,9 +495,6 @@ def add_security_headers(resp):
|
||||
resp.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
|
||||
resp.headers["Cache-Control"] = "public, no-cache"
|
||||
resp.headers["Pragma"] = "no-cache"
|
||||
|
||||
|
||||
|
||||
resp.headers["Content-Security-Policy"] = "\
|
||||
default-src 'self';\
|
||||
script-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net 'nonce-"+inline_script_nonce+"';\
|
||||
@ -504,7 +509,10 @@ def add_security_headers(resp):
|
||||
manifest-src 'self';\
|
||||
media-src 'self';\
|
||||
worker-src 'self';\
|
||||
worker-src 'self';\
|
||||
report-uri /csp-reports;\
|
||||
"
|
||||
|
||||
return resp
|
||||
|
||||
#script-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net 'nonce-sedfGFG32xs';\
|
||||
|
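Review bot: `worker-src 'self';` now appears twice in the policy string (the line just before `report-uri /csp-reports;` duplicates the one above it); browsers honour the first occurrence of a directive and warn about the second, so one of the two lines should go. The commented-out `#script-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net 'nonce-sedfGFG32xs';\` after `return resp` is dead code that carries a literal nonce value and sits outside the header string anyway — remove it rather than leave a fixed nonce in the source. `report-uri` is deprecated in CSP3 in favour of `report-to` but remains the more widely supported of the two, so keeping it is reasonable; if `report-to` is added later both can be listed. `add_security_headers` starts outside the hunk.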