Add Content-Security-Policy in Authelia web pages

2024-09-14 22:47:21 +07:00 · 2017-10-19 22:30:59 +02:00 · 2017-10-19 22:30:59 +02:00 · 969561f4ad
commit 969561f4ad
parent a3560ef8d3
10 changed files with 68 additions and 88 deletions
--- a/client/src/css/01-main.css
+++ b/client/src/css/01-main.css
@ -1,6 +1,6 @@
 body {
-    background-image: url("data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI1NiIgaGVpZ2h0PSIxMDAiPgo8cmVjdCB3aWR0aD0iNTYiIGhlaWdodD0iMTAwIiBmaWxsPSIjRkZGRkZGIj48L3JlY3Q+CjxwYXRoIGQ9Ik0yOCA2NkwwIDUwTDAgMTZMMjggMEw1NiAxNkw1NiA1MEwyOCA2NkwyOCAxMDAiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI0ZDRkNGQyIgc3Ryb2tlLXdpZHRoPSIyIj48L3BhdGg+CjxwYXRoIGQ9Ik0yOCAwTDI4IDM0TDAgNTBMMCA4NEwyOCAxMDBMNTYgODRMNTYgNTBMMjggMzQiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI0ZCRkJGQiIgc3Ryb2tlLXdpZHRoPSIyIj48L3BhdGg+Cjwvc3ZnPg==");
+    background-image: url("/img/background.svg");
 }
 .authelia-brand {
--- a/client/src/img/background.svg
+++ b/client/src/img/background.svg
@ -0,0 +1,5 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="56" height="100">
 <rect width="56" height="100" fill="#FFFFFF"></rect>
 <path d="M28 66L0 50L0 16L28 0L56 16L56 50L28 66L28 100" fill="none" stroke="#FCFCFC" stroke-width="2"></path>
 <path d="M28 0L28 34L0 50L0 84L28 100L56 84L56 50L28 34" fill="none" stroke="#FBFBFB" stroke-width="2"></path>
 </svg>
--- a/client/src/index.ts
+++ b/client/src/index.ts
@ -10,27 +10,22 @@ import ResetPasswordForm from "./lib/reset-password/reset-password-form";
 import jslogger = require("js-logger");
 import jQuery = require("jquery");
 import U2fApi = require("u2f-api");
 import Endpoints = require("../../shared/api");
 jslogger.useDefaults();
 jslogger.setLevel(jslogger.INFO);
-export = {
+(function () {
-    firstfactor: function () {
+  if (window.location.pathname == Endpoints.FIRST_FACTOR_GET)
    FirstFactor(window, jQuery, FirstFactorValidator, jslogger);
-    },
+  else if (window.location.pathname == Endpoints.SECOND_FACTOR_GET)
    secondfactor: function () {
    SecondFactor(window, jQuery, U2fApi);
-    },
+  else if (window.location.pathname == Endpoints.SECOND_FACTOR_TOTP_IDENTITY_FINISH_GET)
    register_totp: function() {
    TOTPRegister(window, jQuery);
-    },
+  else if (window.location.pathname == Endpoints.SECOND_FACTOR_U2F_IDENTITY_FINISH_GET)
    register_u2f: function () {
    U2fRegister(window, jQuery);
-    },
+  else if (window.location.pathname == Endpoints.RESET_PASSWORD_IDENTITY_FINISH_GET)
    reset_password_request: function () {
        ResetPasswordRequest(window, jQuery);
    },
    reset_password_form: function () {
    ResetPasswordForm(window, jQuery);
-    }
+  else if (window.location.pathname == Endpoints.RESET_PASSWORD_REQUEST_GET)
-};
+    ResetPasswordRequest(window, jQuery);
 })();
--- a/server/src/views/firstfactor.pug
+++ b/server/src/views/firstfactor.pug
@ -16,6 +16,3 @@ block content
    a(href=reset_password_request_endpoint, class="pull-right link forgot-password") Forgot password?
    <span class="clearfix"></span>
  </form>
 block entrypoint
    <script>authelia.firstfactor();</script>
--- a/server/src/views/layout/layout.pug
+++ b/server/src/views/layout/layout.pug
@ -5,6 +5,7 @@ html
    title Authelia - 2FA
    meta(name="viewport", content="width=device-width, initial-scale=1.0")/
    meta(name="robots", content="noindex, nofollow, nosnippet, noarchive")/
    meta(http-equiv="Content-Security-Policy", content="default-src 'self'; img-src 'self' data:;")/
    link(rel="icon", href="/img/icon.png" type="image/png" sizes="32x32")/
    link(rel="stylesheet", type="text/css", href="/css/authelia.css")/
    if redirection_url
@ -27,5 +28,5 @@ html
        </div>
      </div>
    </div>
        script(src="/js/authelia.js")
    block entrypoint
    script(src="/js/authelia.js")
--- a/server/src/views/password-reset-form.pug
+++ b/server/src/views/password-reset-form.pug
@ -18,6 +18,3 @@ block content
    <button id="reset-password-button" class="btn btn-lg btn-primary btn-block" type="submit">Reset Password</button>
    <span class="clearfix"></span>
  </form>
 block entrypoint
    <script>authelia.reset_password_form();</script>
--- a/server/src/views/password-reset-request.pug
+++ b/server/src/views/password-reset-request.pug
@ -17,7 +17,3 @@ block content
    <button id="reset-password-button" class="btn btn-lg btn-primary btn-block" type="submit">Reset Password</button>
    <span class="clearfix"></span>
  </form>
 block entrypoint
    <script>authelia.reset_password_request();</script>
--- a/server/src/views/secondfactor.pug
+++ b/server/src/views/secondfactor.pug
@ -22,8 +22,3 @@ block content
    a(href=u2f_identity_start_endpoint, class="pull-right link register-u2f") Need to register?
    <span class="clearfix"></span>
  </form>
 block entrypoint
    <script>
    | authelia.secondfactor();
    </script>
--- a/server/src/views/totp-register.pug
+++ b/server/src/views/totp-register.pug
@ -14,6 +14,3 @@ block content
 block entrypoint
  <script src="/js/qrcode.min.js"></script>
  <script>
  |  authelia.register_totp();
  </script>
--- a/server/src/views/u2f-register.pug
+++ b/server/src/views/u2f-register.pug
@ -9,6 +9,3 @@ block form-header
 block content
  <img src="/img/pendrive.png" alt="pendrive" />
 block entrypoint
  <script>window.authelia.register_u2f()</script>