From 2c824ca4f1b5a90cb2a2573410fa8f38bb22aed4 Mon Sep 17 00:00:00 2001
From: ingalls
Date: Mon, 9 Sep 2024 17:50:04 -0600
Subject: [PATCH 1/5] Sec Headers
---
 api/nginx.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/api/nginx.conf b/api/nginx.conf
index f4614f404..df885634f 100644
--- a/api/nginx.conf
+++ b/api/nginx.conf
@@ -23,6 +23,9 @@ http {
 client_max_body_size 512M;
+ add_header X-Content-Type-Options nosniff;
+ add_header Referrer-Policy strict-origin-when-cross-origin;
+
 location / {
 if ($request_uri ~ ^/(.*)\.html) {
 return 302 /$1;
From 7b6726fce85aea1fac4924986bb0687ccff6d3c2 Mon Sep 17 00:00:00 2001
From: ingalls
Date: Mon, 9 Sep 2024 17:53:05 -0600
Subject: [PATCH 2/5] Fix Icon Height
---
 api/web/src/components/CloudTAK/Loading.vue | 2 +-
 api/web/src/components/Loading.vue | 2 +-
 api/web/src/components/Login.vue | 2 +-
 api/web/src/components/util/LoginModal.vue | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/api/web/src/components/CloudTAK/Loading.vue b/api/web/src/components/CloudTAK/Loading.vue
index 7c8ec42e2..abd12be11 100644
--- a/api/web/src/components/CloudTAK/Loading.vue
+++ b/api/web/src/components/CloudTAK/Loading.vue
@@ -10,7 +10,7 @@ Agency Logo
diff --git a/api/web/src/components/Loading.vue b/api/web/src/components/Loading.vue
index e1f2b7a3c..4a8e7bb71 100644
--- a/api/web/src/components/Loading.vue
+++ b/api/web/src/components/Loading.vue
@@ -13,7 +13,7 @@ Agency Logo
diff --git a/api/web/src/components/Login.vue b/api/web/src/components/Login.vue
index bf5ca3c54..a0a395162 100644
--- a/api/web/src/components/Login.vue
+++ b/api/web/src/components/Login.vue
@@ -15,7 +15,7 @@ > CloudTAK System Logo
diff --git a/api/web/src/components/util/LoginModal.vue b/api/web/src/components/util/LoginModal.vue
index 9e686fa7e..d14a8f144 100644
--- a/api/web/src/components/util/LoginModal.vue
+++ b/api/web/src/components/util/LoginModal.vue
@@ -7,7 +7,7 @@ >
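Review bot: In api/nginx.conf (PATCH 1/5) the two `add_header` lines omit the `always` parameter, so nginx attaches them only to a fixed set of success and redirect status codes and 4xx/5xx responses go out without `X-Content-Type-Options`; use `add_header X-Content-Type-Options nosniff always;` and `add_header Referrer-Policy strict-origin-when-cross-origin always;`. nginx also inherits `add_header` from the `http` level only into blocks that declare no `add_header` of their own, so any `server` or `location` block that sets a header would drop both of these and need them repeated; the rest of the `http` block is outside the hunk, so this needs checking against the full file. A short comment above the pair, such as `# inherited only by blocks that declare no add_header of their own`, would keep that from being missed later.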

From 14479537e825c84ea9d1140ed00b36777f01963e Mon Sep 17 00:00:00 2001
From: ingalls
Date: Mon, 9 Sep 2024 18:01:40 -0600
Subject: [PATCH 3/5] Turn off server tokens
---
 api/nginx.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/api/nginx.conf b/api/nginx.conf
index df885634f..1d8ffcbf3 100644
--- a/api/nginx.conf
+++ b/api/nginx.conf
@@ -2,6 +2,7 @@ user nginx;
 worker_processes auto;
 error_log /var/log/nginx/error.log warn;
 pid /run/nginx.pid;
+server_tokens off;
 events {
 worker_connections 1024;
From a0f0dbcea181dc57e96fd88dea4cd3fe427c2ded Mon Sep 17 00:00:00 2001
From: ingalls
Date: Mon, 9 Sep 2024 18:51:22 -0600
Subject: [PATCH 4/5] Fix bug where type icon would fail in iconselect component
---
 api/web/src/components/CloudTAK/util/Icons.vue | 5 ++++-
 api/web/src/components/util/IconSelect.vue | 10 +++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/api/web/src/components/CloudTAK/util/Icons.vue b/api/web/src/components/CloudTAK/util/Icons.vue
index f057027f8..7ea5b7bd1 100644
--- a/api/web/src/components/CloudTAK/util/Icons.vue
+++ b/api/web/src/components/CloudTAK/util/Icons.vue
@@ -151,7 +151,10 @@ export default {
 }
 },
 mounted: async function() {
- await this.fetchList();
+ // If the icon has a `:` it is part of an iconset, otherwise it is derived from the type
+ if (this.iconset.includes(':')) {
+ await this.fetchList();
+ }
 },
 methods: {
 iconurl: function(icon) {
diff --git a/api/web/src/components/util/IconSelect.vue b/api/web/src/components/util/IconSelect.vue
index dbd549404..c374d3c41 100644
--- a/api/web/src/components/util/IconSelect.vue
+++ b/api/web/src/components/util/IconSelect.vue
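Review bot: In api/web/src/components/CloudTAK/util/Icons.vue (PATCH 4/5) the new guard in `mounted` calls `this.iconset.includes(':')` with no null check, while the matching guard added to IconSelect.vue in the same patch tests the value for truthiness first. If `iconset` can be null or undefined (its prop declaration is outside the hunk), the hook would throw a TypeError instead of skipping the fetch; `if (this.iconset && this.iconset.includes(':')) {` makes the two components agree. The comment above it speaks of "the icon" while the test reads `this.iconset`, so it should name the value it checks, for example `// An iconset value containing ':' refers to an iconset; otherwise the icon is derived from the type`.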
@@ -219,12 +219,16 @@ export default {
 await this.Iconlists();
 },
 },
- modelValue: function() {
- if (this.modelValue) this.fetch();
+ modelValue: async function() {
+ if (this.modelValue && this.modelValue.includes(":")) {
+ await this.fetch();
+ }
 }
 },
 mounted: async function() {
- if (this.modelValue) await this.fetch();
+ if (this.modelValue && this.modelValue.includes(":")) {
+ await this.fetch();
+ }
 await this.Iconlistsets();
 await this.Iconlists();
 },
From 40c5b4cd2679970cb743b513dd28a4bd4f39f7da Mon Sep 17 00:00:00 2001
From: ingalls
Date: Mon, 9 Sep 2024 19:16:35 -0600
Subject: [PATCH 5/5] Move server token
---
 api/nginx.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/api/nginx.conf b/api/nginx.conf
index 1d8ffcbf3..8b27ed26b 100644
--- a/api/nginx.conf
+++ b/api/nginx.conf
@@ -2,7 +2,6 @@ user nginx;
 worker_processes auto;
 error_log /var/log/nginx/error.log warn;
 pid /run/nginx.pid;
-server_tokens off;
 events {
 worker_connections 1024;
@@ -24,6 +23,8 @@ http {
 client_max_body_size 512M;
+ server_tokens off;
+
 add_header X-Content-Type-Options nosniff;
 add_header Referrer-Policy strict-origin-when-cross-origin;
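Review bot: In api/web/src/components/util/IconSelect.vue (PATCH 4/5) the `modelValue` watcher now does nothing when the new value has no `:`, so whatever the previous `fetch()` stored may stay in place after the selection changes from an iconset icon to a type-derived one. `fetch()` and the state it writes are outside the hunk, so this is a point to confirm rather than a certain defect; if that state is rendered, the watcher needs an `else` branch that clears it. The predicate `this.modelValue && this.modelValue.includes(":")` is also repeated in `mounted`, and a computed property used in both places would keep the two checks in step.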