Production , env config, nginx add csp headers

saferwall · Feb 4, 2022 · 83b4629 · 83b4629
1 parent 6c05f5c
commit 83b4629
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 20 deletions.
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -3,7 +3,7 @@
 # Replace env in app.*.js
 for file in /usr/share/nginx/html/js/app.*.js;
 do
-  echo "Processing $file ...";
+  echo "[Info] Processing $file ...";
 
   # Use the existing JS file as template
   if [ ! -f $file.tmpl.js ]; then
@@ -16,26 +16,19 @@ do
 done
 
 # Replace env in index.html
-if [ -z "${VUE_APP_CSP_HOSTS}" ]]; then
-  echo "VUE_APP_CSP_HOSTS env value is required";
-  exit 1;
-fi
-
 file="/usr/share/nginx/html/index.html";
-echo "Processing $file ...";
-cp $file $file.tmp
 
-envsubst '$VUE_APP_CSP_HOSTS' < $file.tmp > $file
+echo "[Info] Processing $file ...";
+cp $file $file.tmp
 
 head_tag="<\/head>"
-# Inject extra headers
 if [ -z "${VUE_APP_ANALYTICS_GOOGLE_TAG}" ]; then
-  echo "VUE_APP_ANALYTICS_GOOGLE_TAG env value is not defined";
+  echo "[Info] VUE_APP_ANALYTICS_GOOGLE_TAG env value is not defined";
 else 
   # Inject google analytics
   g_tag='<script>window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;ga("create", "'$VUE_APP_ANALYTICS_GOOGLE_TAG'", "auto");ga("send", "pageview");<\/script><script async src="https:\/\/www.google-analytics.com\/analytics.js"><\/script>\n'$head_tag
   sed -i "s/$head_tag/$g_tag/g" $file
 fi
 
-echo "Starting Nginx"
+echo "[Info] Starting Nginx ..."
 nginx -g 'daemon off;'
diff --git a/nginx.conf b/nginx.conf
@@ -13,11 +13,18 @@ server {
   gzip_static on;
   gzip_min_length 500;
 
+
+  add_header X-Frame-Options "DENY";
+  add_header X-Content-Type-Options nosniff;
+  add_header X-XSS-Protection "1; mode=block";
+  add_header Content-Security-Policy "default-src 'self'; font-src *; script-src 'unsafe-eval' 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src *; object-src 'none'; base-uri 'self'; form-action 'self'; img-src * data:;";
+
   location / {
     try_files $uri $uri/ @rewrites;
   }
 
   location @rewrites {
+
     rewrite ^(.+)$ /index.html last;
   }
 

diff --git a/public/index.html b/public/index.html
@@ -5,10 +5,6 @@
   <meta charset="utf-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width,initial-scale=1.0">
-  <meta http-equiv="Content-Security-Policy" content="img-src cdnjs.cloudflare.com $VUE_APP_CSP_HOSTS 'self' data:;">
-  <meta http-equiv="Content-Security-Policy"
-    content="script-src 'unsafe-eval' 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com;">
-  <meta http-equiv="Content-Security-Policy" content="object-src 'none'; base-uri 'self'; form-action 'self'">
 
   <title>Saferwall</title>
 

diff --git a/src/common/config.js b/src/common/config.js
@@ -1,7 +1,7 @@
 export default class Config {
     static get CONFIG() {
         return {
-            baseURI: '$VUE_APP_BASE_URL',
+            baseURI: '$VUE_APP_BASE_URI',
             apiURL: '$VUE_APP_API_BASE_URL',
             avatarURL: '$VUE_APP_AVATAR_BASE_URL',
             isProd: process.env.NODE_ENV === 'production'
@@ -15,7 +15,6 @@ export default class Config {
         }
 
         const value = this.CONFIG[name]
-
         if (!value) {
             console.log(`Configuration: Value for "${name}" is not defined`)
             return

diff --git a/src/services/axios/index.js b/src/services/axios/index.js
@@ -1,7 +1,7 @@
 import axios from 'axios'
-import APP_CONFIGS from "@/common/config";
+import Config from "@/common/config";
 
 export default axios.create({
-    baseURL: APP_CONFIGS.apiURL,
+    baseURL: Config.value('apiURL'),
     withCredentials: true
 })