From 18582ed780f9f0551a9743b6fc3dbc326cac25a1 Mon Sep 17 00:00:00 2001 From: Victor-Loos Date: Mon, 13 Feb 2023 17:26:33 +0100 Subject: [PATCH 1/3] CSP-Only header --- .DS_Store | Bin 0 -> 6148 bytes docs/.DS_Store | Bin 0 -> 8196 bytes pw/.DS_Store | Bin 0 -> 8196 bytes pw/pw-csp/client/src/index.html | 6 ++---- 4 files changed, 2 insertions(+), 4 deletions(-) create mode 100644 .DS_Store create mode 100644 docs/.DS_Store create mode 100644 pw/.DS_Store diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..d8f10f9110f8a8b8d0525e97e7e58f09bb6b04a2 GIT binary patch literal 6148 zcmeHKPm9w)6o1o3H+2z;xG3l$Ab2Wniw403iP@@0!H5c0y3MAvS<_5tQgf(<-b7D+ z2ETzP@8ZFWSG@{;0sRKPH#5;>yDNJV(RncQn|Xicz4<|AG62BbSK9i%$~AmH*E{dZ8uqO-;lC<5 z+^bTLIRB7`066SITB+pvvv*>j%2uvn^V&{P!_U}q_Jiz|yv`R~8fuV0?&oQu_kCl`?(o*26o6zD(Wc-s^%o5mTmZzpYFe`|yhLiI}I} zG>&*Y!g)~>*|Z#y0Y#d*enfxmrWw!-{67rP`CwrqbQCTnilYNN@dQ9LP%Q+<^p>C) zOQEB1DG@CwOok%LP^O+3OopT0QhtuYr9>GHOk~D&RA#1LC`@EWy(Qd%ITCfR8PE(= z8K}!?lkWeUhrj=;L3*Yc&9feDYs6o*`0)htJX$Jl%13v&SqPUX) literal 0 HcmV?d00001 diff --git a/docs/.DS_Store b/docs/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..c557e2bd0ee6093c8a086cac39036047866cafee GIT binary patch literal 8196 zcmeHMK}#D!6n@i)M5;xEf(I#k=`mss?L~xbh$r!sLod=AO)-J28;vU-_oo#9f&Zb` zfEH@uz!%VmI+Zn6c7bO0Z~8{_#YI&na!YXOLm79h2W$=uEv5#I zJ1OH%%0^bULQy(8`~q!GDl{mgC?E>t6$mgjN2_#72`YD|ey_Lo<7i+U-u;?v6~)cw zUO(Q$YW1eEv(ota<5Q7kXG+UK*Nwc!1gg}g4j8uSkoLi{(?4)+-k(jfak<@gGj6%P zqIk@#%+BYPGOt-M!d(X#o$!r^!)c?=uPJZc<#WFMb)?k;n=zLn8;{4vCG&U#Rbq

Tz~S?q=0&)4tDnXWllm<9*s}%2yWJkKf^m#@8?PSx)D# z9KV;Cr(R*xrL4VY4m_87n|PdQKb*83?e~CUZ9_M$_s!4UxJm6MIFa_;bN6Yyj=k{H zYuZ35u$<66fIDfmuUfN=q{fRc9!457=SeEdXQlOUk2R@h3%4(G&`&FR{T>y~aFUvS zU3eO4n!}6z+Ko3yS9A@w@XHnA^`&6J5PQ9}zU|AXFPEFt`Rw`2Nars6Snpo=b96_0 zHo(1TrL}%~f?8AKNqyhz?;?E}POK@9lh$G2G&}R$$LkuTb!@L^$CEl9eEg8r!OxN0 zVR@Xi4!*yb7FCo3`_6$yv7%L$|6k32|G)3ntrnylP!7ZnkV4aJHt=)wi#i?>J(g?h zSU0e;!gy1GJOmq_jwAAP9C7ClL+tBFWif`tsX#n}<)6O@;D1eO>iN&zSIt3n;13s6 BNY(%V literal 0 HcmV?d00001 diff --git a/pw/pw-csp/client/src/index.html b/pw/pw-csp/client/src/index.html index 2cdf679a..1e185a52 100644 --- a/pw/pw-csp/client/src/index.html +++ b/pw/pw-csp/client/src/index.html @@ -1,10 +1,8 @@ - + Test From 5306cf1ca8caae92ba3f0c6e93000ac520a377f2 Mon Sep 17 00:00:00 2001 From: Victor-Loos Date: Mon, 13 Feb 2023 17:44:22 +0100 Subject: [PATCH 2/3] Ignore MacOs view configuration files --- .DS_Store | Bin 6148 -> 0 bytes .gitignore | 4 +++- docs/.DS_Store | Bin 8196 -> 0 bytes pw/.DS_Store | Bin 8196 -> 0 bytes 4 files changed, 3 insertions(+), 1 deletion(-) delete mode 100644 .DS_Store delete mode 100644 docs/.DS_Store delete mode 100644 pw/.DS_Store diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index d8f10f9110f8a8b8d0525e97e7e58f09bb6b04a2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKPm9w)6o1o3H+2z;xG3l$Ab2Wniw403iP@@0!H5c0y3MAvS<_5tQgf(<-b7D+ z2ETzP@8ZFWSG@{;0sRKPH#5;>yDNJV(RncQn|Xicz4<|AG62BbSK9i%$~AmH*E{dZ8uqO-;lC<5 z+^bTLIRB7`066SITB+pvvv*>j%2uvn^V&{P!_U}q_Jiz|yv`R~8fuV0?&oQu_kCl`?(o*26o6zD(Wc-s^%o5mTmZzpYFe`|yhLiI}I} zG>&*Y!g)~>*|Z#y0Y#d*enfxmrWw!-{67rP`CwrqbQCTnilYNN@dQ9LP%Q+<^p>C) zOQEB1DG@CwOok%LP^O+3OopT0QhtuYr9>GHOk~D&RA#1LC`@EWy(Qd%ITCfR8PE(= z8K}!?lkWeUhrj=;L3*Yc&9feDYs6o*`0)htJX$Jl%13v&SqPUX) diff --git a/.gitignore b/.gitignore index 67121c8d..185f740a 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,3 +1,5 @@ node_modules .temp -.cache \ No newline at end of file +.cache + +.DS_Store \ No newline at end of file diff --git a/docs/.DS_Store b/docs/.DS_Store deleted file mode 100644 index c557e2bd0ee6093c8a086cac39036047866cafee..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8196 zcmeHMK}#D!6n@i)M5;xEf(I#k=`mss?L~xbh$r!sLod=AO)-J28;vU-_oo#9f&Zb` zfEH@uz!%VmI+Zn6c7bO0Z~8{_#YI&na!YXOLm79h2W$=uEv5#I zJ1OH%%0^bULQy(8`~q!GDl{mgC?E>t6$mgjN2_#72`YD|ey_Lo<7i+U-u;?v6~)cw zUO(Q$YW1eEv(ota<5Q7kXG+UK*Nwc!1gg}g4j8uSkoLi{(?4)+-k(jfak<@gGj6%P zqIk@#%+BYPGOt-M!d(X#o$!r^!)c?=uPJZc<#WFMb)?k;n=zLn8;{4vCG&U#Rbq

Tz~S?q=0&)4tDnXWllm<9*s}%2yWJkKf^m#@8?PSx)D# z9KV;Cr(R*xrL4VY4m_87n|PdQKb*83?e~CUZ9_M$_s!4UxJm6MIFa_;bN6Yyj=k{H zYuZ35u$<66fIDfmuUfN=q{fRc9!457=SeEdXQlOUk2R@h3%4(G&`&FR{T>y~aFUvS zU3eO4n!}6z+Ko3yS9A@w@XHnA^`&6J5PQ9}zU|AXFPEFt`Rw`2Nars6Snpo=b96_0 zHo(1TrL}%~f?8AKNqyhz?;?E}POK@9lh$G2G&}R$$LkuTb!@L^$CEl9eEg8r!OxN0 zVR@Xi4!*yb7FCo3`_6$yv7%L$|6k32|G)3ntrnylP!7ZnkV4aJHt=)wi#i?>J(g?h zSU0e;!gy1GJOmq_jwAAP9C7ClL+tBFWif`tsX#n}<)6O@;D1eO>iN&zSIt3n;13s6 BNY(%V From bfb985e8a9c7a35f971aec997f87450ead10d8d4 Mon Sep 17 00:00:00 2001 From: Victor-Loos Date: Wed, 15 Feb 2023 13:05:48 +0100 Subject: [PATCH 3/3] CSP-Server side --- .../com/worldline/bookstore/config/SecurityConfiguration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pw/pw-csp/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java b/pw/pw-csp/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java index 7b4343bc..182d8b18 100644 --- a/pw/pw-csp/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java +++ b/pw/pw-csp/server/src/main/java/com/worldline/bookstore/config/SecurityConfiguration.java @@ -118,7 +118,7 @@ private void setCspConfig(HttpSecurity http) throws Exception { .contentSecurityPolicy( "script-src" + " 'none' "+ - // "'unsafe-eval' 'unsafe-inline' " + + "'self" + ";" + // add connect-src directive to adapt CSP over cross-origin requests (CORS) "connect-src"+
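Review bot: The added source expression `"'self" +` in setCspConfig is missing its closing single quote and is concatenated after `" 'none' "+`, so the emitted directive reads `script-src 'none' 'self;`. Browsers should discard the malformed `'self` token, which would leave the application's own scripts blocked rather than allowed from the same origin; this is worth confirming against the CSP violations reported in the browser console. If same-origin scripts are the intent, drop the added line and change the existing one to `" 'self' " +`, because `'none'` only has meaning as the sole value of a directive. The policy string continues past the end of the hunk, so the `connect-src` part and the closing of `contentSecurityPolicy(` could not be checked here.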