From b10cbe693890ff14f02ca88d43fade9b60cf8d30 Mon Sep 17 00:00:00 2001
From: Yassine Rais
Date: Mon, 7 Feb 2022 13:23:14 +0100
Subject: [PATCH] trying to fix csp , allow to inject avatars source to csp in nginx config
---
 .github/workflows/build.yaml | 3 ++-
 .github/workflows/release.yaml | 5 +++++
 entrypoint.sh | 6 ++++--
 nginx.conf | 2 +-
 4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 45b43d2..9343ca8 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -6,8 +6,9 @@ on:
 - build
 env:
 IMAGE: saferwall/ui
- VUE_APP_CSP_HOSTS: "*.saferwall.com saferwall.com"
 VUE_APP_ANALYTICS_GOOGLE_TAG: UA-111524273-1
+ VUE_APP_CSP_HOSTS: "*.saferwall.com saferwall.com"
+ VUE_APP_BASE_URI: "https://saferwall.com/"
 VUE_APP_API_BASE_URL: "https://api.saferwall.com/v1/"
 VUE_APP_AVATAR_BASE_URL: "https://avatar.saferwall.com/"
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 07c4932..c68d784 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -2,6 +2,11 @@ name: UI Release
 on: workflow_dispatch
 env:
 IMAGE: saferwall/ui
+ VUE_APP_ANALYTICS_GOOGLE_TAG: UA-111524273-1
+ VUE_APP_CSP_HOSTS: "*.saferwall.com saferwall.com"
+ VUE_APP_BASE_URI: "https://saferwall.com/"
+ VUE_APP_API_BASE_URL: "https://api.saferwall.com/v1/"
+ VUE_APP_AVATAR_BASE_URL: "https://avatar.saferwall.com/"
 jobs:
 docker-release:
diff --git a/entrypoint.sh b/entrypoint.sh
index 43e9ac3..a38d4d1 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -11,8 +11,10 @@ do
 fi
 envsubst '$VUE_APP_BASE_URI' < $file.tmpl.js > $file
- envsubst '$VUE_APP_API_BASE_URL' < $file > $file
- envsubst '$VUE_APP_AVATAR_BASE_URL' < $file > $file
+ cp $file $file.tmpl.js
+ envsubst '$VUE_APP_API_BASE_URL' < $file.tmpl.js > $file
+ cp $file $file.tmpl.js
+ envsubst '$VUE_APP_AVATAR_BASE_URL' < $file.tmpl.js > $file
 done
 # -------------
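Review bot: The five `VUE_APP_*` values added to the `env:` block of release.yaml are a verbatim copy of the block in build.yaml, so the CSP host list and the API and avatar origins now have two sources of truth. If one file is edited and the other is not, a released image can carry origins that differ from the ones the build workflow exercised. Consider a comment above both blocks such as `# Keep in sync with the other workflow: CSP hosts and service origins`, or moving the shared values into a reusable workflow so they are declared once.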
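Review bot: In the entrypoint.sh hunk the two added `cp $file $file.tmpl.js` lines overwrite the template with already-substituted output, so after the first run the `$VUE_APP_BASE_URI` and `$VUE_APP_API_BASE_URL` placeholders are gone from `$file.tmpl.js`. If the container is restarted with different values, those two origins would silently keep their old values while only the avatar URL could still change. envsubst accepts several variables in one SHELL-FORMAT argument, so the three passes can be a single read of the untouched template: `envsubst '$VUE_APP_BASE_URI $VUE_APP_API_BASE_URL $VUE_APP_AVATAR_BASE_URL' < "$file.tmpl.js" > "$file"`. That also avoids the read-and-truncate problem this commit is fixing, and quoting `$file` protects against paths containing spaces. The loop and the `if` that precede these lines start outside the hunk, so how the template is first created is not visible here.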
diff --git a/nginx.conf b/nginx.conf
index 4359d41..d1809f1 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -17,7 +17,7 @@ server {
 add_header X-Frame-Options "DENY";
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
- add_header Content-Security-Policy "script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' fonts.googleapis.com 'self'; s object-src 'none'; base-uri 'self'; form-action 'self'; img-src 'self' data:;";
+ add_header Content-Security-Policy "script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' fonts.googleapis.com 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; img-src 'self' data:;";
 location / {
 try_files $uri $uri/ @rewrites;
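Review bot: The corrected `Content-Security-Policy` line still ends in `img-src 'self' data:;`, so images from the avatar origin set in the workflows (`https://avatar.saferwall.com/`) would be blocked when the UI is served from another origin, and nothing in the header references `VUE_APP_CSP_HOSTS` despite the commit subject. If nginx.conf is passed through envsubst at start-up (not visible in this patch), the directive could read `img-src 'self' data: ${VUE_APP_CSP_HOSTS};`, with envsubst restricted to that one variable so nginx's own `$uri` is left untouched. Separately, `script-src 'unsafe-eval' 'unsafe-inline' 'self'` leaves the policy with little value against injected script, and without the `always` parameter `add_header` is not applied to error responses; both deserve a comment or a follow-up. The `server` block starts before and continues after this hunk, so whether `location /` declares its own `add_header` (which would drop these inherited headers) cannot be checked here.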