Add subresource integrity for JS and CSS assets (#15096)
Fix #2744
parent
68d4b2b83e
commit
9b1f2a4b61
|
@ -2,7 +2,7 @@
|
|||
= site_hostname
|
||||
|
||||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'public', crossorigin: 'anonymous'
|
||||
= render partial: 'shared/og'
|
||||
|
||||
.grid-4
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
= t('admin.action_logs.title')
|
||||
|
||||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
= form_tag admin_action_logs_url, method: 'GET', class: 'simple_form' do
|
||||
= hidden_field_tag :target_account_id, params[:target_account_id] if params[:target_account_id].present?
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
= t('admin.custom_emojis.title')
|
||||
|
||||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
- if can?(:create, :custom_emoji)
|
||||
- content_for :heading_actions do
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
- content_for :page_title do
|
||||
= t('admin.domain_allows.add_new')
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
- content_for :page_title do
|
||||
= t('admin.domain_blocks.edit')
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
- content_for :page_title do
|
||||
= t('.title')
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
= t('admin.ip_blocks.title')
|
||||
|
||||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
- if can?(:create, :ip_block)
|
||||
- content_for :heading_actions do
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
= t('admin.pending_accounts.title', count: User.pending.count)
|
||||
|
||||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
= form_for(@form, url: batch_admin_pending_accounts_path) do |f|
|
||||
= hidden_field_tag :page, params[:page] || 1
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
- content_for :page_title do
|
||||
= t('admin.reports.report', id: @report.id)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
- content_for :page_title do
|
||||
= t('admin.settings.title')
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
- content_for :page_title do
|
||||
= t('admin.statuses.title')
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
= t('admin.tags.title')
|
||||
|
||||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
.filters
|
||||
.filter-subset
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
- content_for :page_title do
|
||||
= t('auth.login')
|
||||
|
||||
=javascript_pack_tag 'two_factor_authentication', integrity: true, crossorigin: 'anonymous'
|
||||
=javascript_pack_tag 'two_factor_authentication', crossorigin: 'anonymous'
|
||||
|
||||
- if @webauthn_enabled
|
||||
= render partial: 'auth/sessions/two_factor/webauthn_form', locals: { hidden: @scheme_type != 'webauthn' }
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
- content_for :header_tags do
|
||||
= preload_link_tag asset_pack_path('features/getting_started.js'), crossorigin: 'anonymous'
|
||||
= preload_link_tag asset_pack_path('features/compose.js'), crossorigin: 'anonymous'
|
||||
= preload_link_tag asset_pack_path('features/home_timeline.js'), crossorigin: 'anonymous'
|
||||
= preload_link_tag asset_pack_path('features/notifications.js'), crossorigin: 'anonymous'
|
||||
= preload_pack_asset 'features/getting_started.js', crossorigin: 'anonymous'
|
||||
= preload_pack_asset 'features/compose.js', crossorigin: 'anonymous'
|
||||
= preload_pack_asset 'features/home_timeline.js', crossorigin: 'anonymous'
|
||||
= preload_pack_asset 'features/notifications.js', crossorigin: 'anonymous'
|
||||
|
||||
%meta{name: 'applicationServerKey', content: Rails.configuration.x.vapid_public_key}
|
||||
= render_initial_state
|
||||
= javascript_pack_tag 'application', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'application', crossorigin: 'anonymous'
|
||||
|
||||
.app-holder#mastodon{ data: { props: Oj.dump(default_props) } }
|
||||
%noscript
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- content_for :header_tags do
|
||||
= render_initial_state
|
||||
= javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'public', crossorigin: 'anonymous'
|
||||
|
||||
- content_for :content do
|
||||
.admin-wrapper
|
||||
|
|
|
@ -21,10 +21,10 @@
|
|||
|
||||
%title= content_for?(:page_title) ? safe_join([yield(:page_title).chomp.html_safe, title], ' - ') : title
|
||||
|
||||
= stylesheet_pack_tag 'common', media: 'all'
|
||||
= stylesheet_pack_tag current_theme, media: 'all'
|
||||
= javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous'
|
||||
= stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous'
|
||||
= stylesheet_pack_tag current_theme, media: 'all', crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'common', crossorigin: 'anonymous'
|
||||
= javascript_pack_tag "locale_#{I18n.locale}", crossorigin: 'anonymous'
|
||||
= csrf_meta_tags
|
||||
%meta{ name: 'style-nonce', content: request.content_security_policy_nonce }
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'public', crossorigin: 'anonymous'
|
||||
|
||||
- content_for :content do
|
||||
.container-alt
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
- if storage_host?
|
||||
%link{ rel: 'dns-prefetch', href: storage_host }/
|
||||
|
||||
= stylesheet_pack_tag 'common', media: 'all'
|
||||
= stylesheet_pack_tag Setting.default_settings['theme'], media: 'all'
|
||||
= stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous'
|
||||
= stylesheet_pack_tag Setting.default_settings['theme'], media: 'all', crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous'
|
||||
= render_initial_state
|
||||
|
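Review bot: The two `javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'` / `"locale_#{I18n.locale}"` lines are left as context in this hunk while the stylesheet lines above them are rewritten, so this layout still passes `integrity: true` after the commit. With the new `Webpacker::HelperExtensions`, `options.merge(integrity: integrity)` overwrites that value with the manifest hash, so the option is now a no-op rather than a bug, but it reads as if the caller controls SRI and is inconsistent with every other view in this commit that drops it. I would change them to `= javascript_pack_tag 'common', crossorigin: 'anonymous'` and `= javascript_pack_tag "locale_#{I18n.locale}", crossorigin: 'anonymous'` to match the other layouts. The enclosing `content_for`/head block starts before this hunk.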
|
|
@ -5,10 +5,10 @@
|
|||
%meta{ charset: 'utf-8' }/
|
||||
%title= safe_join([yield(:page_title), Setting.default_settings['site_title']], ' - ')
|
||||
%meta{ content: 'width=device-width,initial-scale=1', name: 'viewport' }/
|
||||
= stylesheet_pack_tag 'common', media: 'all'
|
||||
= stylesheet_pack_tag Setting.default_settings['theme'], media: 'all'
|
||||
= javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'error', integrity: true, crossorigin: 'anonymous'
|
||||
= stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous'
|
||||
= stylesheet_pack_tag Setting.default_settings['theme'], media: 'all', crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'common', crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'error', crossorigin: 'anonymous'
|
||||
%body.error
|
||||
.dialog
|
||||
.dialog__illustration
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'public', crossorigin: 'anonymous'
|
||||
|
||||
- content_for :content do
|
||||
- if user_signed_in? && !@hide_header
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- content_for :header_tags do
|
||||
= render_initial_state
|
||||
= javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'public', crossorigin: 'anonymous'
|
||||
|
||||
- content_for :content do
|
||||
.public-layout
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- content_for :header_tags do
|
||||
= render_initial_state
|
||||
= javascript_pack_tag 'public', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'public', crossorigin: 'anonymous'
|
||||
|
||||
- if @media_attachment.video?
|
||||
= react_component :video, src: @media_attachment.file.url(:original), preview: @media_attachment.thumbnail.present? ? @media_attachment.thumbnail.url : @media_attachment.file.url(:small), blurhash: @media_attachment.blurhash, width: 670, height: 380, editable: true, detailed: true, inline: true, alt: @media_attachment.description do
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
- content_for :header_tags do
|
||||
%meta{ name: 'robots', content: 'noindex' }/
|
||||
= javascript_pack_tag 'about', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'about', crossorigin: 'anonymous'
|
||||
|
||||
.page-header
|
||||
%h1= t('about.see_whats_happening')
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
= t('settings.relationships')
|
||||
|
||||
- content_for :header_tags do
|
||||
= javascript_pack_tag 'admin', integrity: true, async: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'admin', async: true, crossorigin: 'anonymous'
|
||||
|
||||
.filters
|
||||
.filter-subset
|
||||
|
|
|
@ -13,4 +13,4 @@
|
|||
.actions
|
||||
= f.button :button, t('webauthn_credentials.add'), class: 'js-webauthn', type: :submit
|
||||
|
||||
= javascript_pack_tag 'two_factor_authentication', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'two_factor_authentication', crossorigin: 'anonymous'
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
- content_for :header_tags do
|
||||
= render_initial_state
|
||||
= javascript_pack_tag 'share', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'share', crossorigin: 'anonymous'
|
||||
|
||||
#mastodon-compose{ data: { props: Oj.dump(default_props) } }
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
%meta{ name: 'robots', content: 'noindex' }/
|
||||
%link{ rel: 'alternate', type: 'application/rss+xml', href: tag_url(@tag, format: 'rss') }/
|
||||
|
||||
= javascript_pack_tag 'about', integrity: true, crossorigin: 'anonymous'
|
||||
= javascript_pack_tag 'about', crossorigin: 'anonymous'
|
||||
= render 'og'
|
||||
|
||||
.page-header
|
||||
|
|
|
@ -22,6 +22,8 @@ require_relative '../lib/mastodon/version'
|
|||
require_relative '../lib/devise/two_factor_ldap_authenticatable'
|
||||
require_relative '../lib/devise/two_factor_pam_authenticatable'
|
||||
require_relative '../lib/chewy/strategy/custom_sidekiq'
|
||||
require_relative '../lib/webpacker/manifest_extensions'
|
||||
require_relative '../lib/webpacker/helper_extensions'
|
||||
|
||||
Dotenv::Railtie.load
|
||||
|
||||
|
|
|
@ -79,7 +79,8 @@ module.exports = {
|
|||
chunkFilename: 'css/[name]-[contenthash:8].chunk.css',
|
||||
}),
|
||||
new AssetsManifestPlugin({
|
||||
integrity: false,
|
||||
integrity: true,
|
||||
integrityHashes: ['sha256'],
|
||||
entrypoints: true,
|
||||
writeToDisk: true,
|
||||
publicPath: true,
|
||||
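Review bot: Setting `integrity: true` on AssetsManifestPlugin changes the shape of every manifest entry from a plain path to an object carrying `src` and `integrity`, and nothing at this site says that the Ruby side (`lib/webpacker/manifest_extensions.rb` and `lib/webpacker/helper_extensions.rb`, added in this commit) depends on that exact shape. A one-line comment would stop the next person from flipping the flag or the hash list without updating the consumer: `// Manifest entries become { src, integrity }; lib/webpacker/manifest_extensions.rb unwraps them and helper_extensions.rb emits the SRI attribute.` `integrityHashes: ['sha256']` is the minimum the SRI spec requires browsers to support; if a stronger digest is wanted it can be added to this list without touching the Ruby code, since the manifest stores the full `algo-base64` string. The surrounding `module.exports` object starts and ends outside this hunk.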
|
|
|
@ -0,0 +1,20 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Webpacker::HelperExtensions
|
||||
def javascript_pack_tag(name, **options)
|
||||
src, integrity = current_webpacker_instance.manifest.lookup!(name, type: :javascript, with_integrity: true)
|
||||
javascript_include_tag(src, options.merge(integrity: integrity))
|
||||
end
|
||||
|
||||
def stylesheet_pack_tag(name, **options)
|
||||
src, integrity = current_webpacker_instance.manifest.lookup!(name, type: :stylesheet, with_integrity: true)
|
||||
stylesheet_link_tag(src, options.merge(integrity: integrity))
|
||||
end
|
||||
|
||||
def preload_pack_asset(name, **options)
|
||||
src, integrity = current_webpacker_instance.manifest.lookup!(name, with_integrity: true)
|
||||
preload_link_tag(src, options.merge(integrity: integrity))
|
||||
end
|
||||
end
|
||||
|
||||
Webpacker::Helper.prepend(Webpacker::HelperExtensions)
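Review bot: `options.merge(integrity: integrity)` in `javascript_pack_tag`, `stylesheet_pack_tag` and `preload_pack_asset` fails open: when the manifest entry has no integrity value (a manifest written with `integrity: false`, or a stale precompiled one), `integrity` is nil, Rails drops the attribute, and the asset is loaded without SRI with no warning. Since the point of the commit is to enforce SRI, I would fail closed outside development, e.g. `raise ArgumentError, "no integrity hash in manifest for #{name}" if integrity.blank? && !Rails.env.development?` after each `lookup!`, assuming `Rails` is loaded when this file is required from `config/application.rb`. The merge also silently overrides any `integrity:` a caller passes, and the helpers rely on every call site supplying `crossorigin: 'anonymous'` (an SRI-bearing tag for a cross-origin asset such as a CDN host is blocked by the browser without it); both are worth a module-level comment stating that `integrity` always comes from the manifest and that callers must pass `crossorigin` whenever assets may be served from another origin.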
|
|
@ -0,0 +1,17 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Webpacker::ManifestExtensions
|
||||
def lookup(name, pack_type = {})
|
||||
asset = super
|
||||
|
||||
if pack_type[:with_integrity] && asset.respond_to?(:dig)
|
||||
[asset.dig('src'), asset.dig('integrity')]
|
||||
elsif asset.respond_to?(:dig)
|
||||
asset.dig('src')
|
||||
else
|
||||
asset
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Webpacker::Manifest.prepend(Webpacker::ManifestExtensions)
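Review bot: `asset.respond_to?(:dig)` is true for Array as well as Hash, and `Array#dig('src')` raises TypeError, so the guard does not actually distinguish the `{ "src", "integrity" }` entry form from anything else; `asset.is_a?(Hash)` (or `Hash === asset` in a `case`) says what is meant. In the `with_integrity` branch a Hash entry with no `"integrity"` key returns `[src, nil]`, which the helpers then turn into a tag without SRI; consider `asset.fetch('integrity')` there so a manifest that was not built with integrity enabled fails loudly rather than degrading silently. This override also changes the return value of `lookup` for every other caller inside Webpacker whenever the manifest entry is a Hash — presumably that is fine for `lookup!`, but it is worth a comment noting that the unwrapping applies globally, not only to the three helpers added in this commit.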
|