Fix CSP not propagated in default handler. (#915)

Also:
- Do not hide the CSP header in the dist version of suites.
- Fix CSP errors due to FontAwesome loading stylesheets dynamically.
Clément Michaud 2020-04-26 00:12:55 +02:00 committed by GitHub
parent ca4a890fb2
commit 29325ab273
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 8 deletions


@ -3,7 +3,6 @@ package server
import ( import (
"fmt" "fmt"
"os" "os"
"path"
duoapi "github.com/duosecurity/duo_api_golang" duoapi "github.com/duosecurity/duo_api_golang"
"github.com/fasthttp/router" "github.com/fasthttp/router"
@ -112,9 +111,7 @@ func StartServer(configuration schema.Configuration, providers middlewares.Provi
router.GET("/debug/vars", expvarhandler.ExpvarHandler) router.GET("/debug/vars", expvarhandler.ExpvarHandler)
} }
router.NotFound = func(ctx *fasthttp.RequestCtx) { router.NotFound = ServeIndex(publicDir)
ctx.SendFile(path.Join(publicDir, "index.html"))
}
server := &fasthttp.Server{ server := &fasthttp.Server{
Handler: middlewares.LogRequestMiddleware(router.Handler), Handler: middlewares.LogRequestMiddleware(router.Handler),
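Review bot: The new `router.NotFound = ServeIndex(publicDir)` assignment has no comment saying why the fallback must go through `ServeIndex`, and the plain `ctx.SendFile` handler it replaces shows how easily the CSP header is lost on this path. I would add `// Unknown paths fall back to the SPA index; serve it through ServeIndex so the response carries the Content-Security-Policy header.` above the assignment. `ServeIndex` is defined outside this section, so that it sets the header (and any nonce) is inferred from the commit title rather than visible here. A regression test that requests an unmatched path and asserts the header is present would pin the fix. StartServer's body continues outside the hunk.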


@ -13,10 +13,6 @@ http {
set $backend_endpoint https://authelia-backend:9091; set $backend_endpoint https://authelia-backend:9091;
location / { location / {
# We don't want to apply CSP in dev mode because the frontend is served by CRA
# and thus cannot have the nonce injected.
proxy_hide_header Content-Security-Policy;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_pass $backend_endpoint; proxy_pass $backend_endpoint;
} }


@ -20,6 +20,10 @@ import SignOut from './views/LoginPortal/SignOut/SignOut';
import { useConfiguration } from './hooks/Configuration'; import { useConfiguration } from './hooks/Configuration';
import Tracker from "./components/Tracker"; import Tracker from "./components/Tracker";
import { useTracking } from "./hooks/Tracking"; import { useTracking } from "./hooks/Tracking";
import '@fortawesome/fontawesome-svg-core/styles.css'
import {config as faConfig} from '@fortawesome/fontawesome-svg-core';
faConfig.autoAddCss = false;
const App: React.FC = () => { const App: React.FC = () => {
const [notification, setNotification] = useState(null as Notification | null); const [notification, setNotification] = useState(null as Notification | null);
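Review bot: `faConfig.autoAddCss = false;` has no comment tying it to the CSP, so it reads as an arbitrary tweak that a later cleanup could drop, bringing back the blocked runtime style injection the commit message describes. I would add `// FontAwesome adds its CSS dynamically by default, which the CSP rejects; load the stylesheet statically instead.` above the two new imports. On style, the `styles.css` import lacks the trailing semicolon the neighbouring imports use, and `{config as faConfig}` omits the inner spaces used in `{ useConfiguration }`.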