-
-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Subresource Integrity Generator #12
base: main
Are you sure you want to change the base?
Add Subresource Integrity Generator #12
Conversation
We also need to add Nonce-based strict CSP or Hash-based strict CSP. As Passky Website is client side only, we would need to use Hash-based strict CSP. |
CSP is already provided in _headers file and it is not recommended to use CSP inside HTML. It should be provided by Nginx / Apache (Web Server) |
I think if it does provide on both sides it will be better, so zero trust means every party must always verify. 🤗 |
Would need to check / make a research about the disadvantages on providing CSP in both ways. |
Of course there is one issue which is an advantage also, website will no longer work with HTTP when access a deployment on LAN (http://192.168.x.x), and that's an excellent thing. |
…nside `html` files with CSP Hash
Done 😋✌️ |
Sadly this won't be possible because of Umbrel and also Tor. Both Umbrel and Tor operate on HTTP. |
I'm not sure why Umbrel supposes that a LAN network is always safe, in fact, it is never safe. Any network attached to the internet it is not safe anymore. I tested Umbrel before and it is still not stable. |
Umbrel manage certificates on their own, so we would probably need to wait for them to add support first. LAN network is not always safe, but is a lot safer than hosting Passky Server on the internet, as everyone has access to it. |
|
BTW, on the |
This PR uses gulp-sri-hash plugin on a build tool called gulp to force SRI Hash on
js,css
files when received byhtml
files, gulp can be installed globally with this command:Don't forget to run
npm install
to updatedev
dependencies.gulp will update
html
files with recommended coding style and update SRI Hash automatically if necessary.So, for any new future changes to
js,css
files contents then you just need to run:Finally, for future development just
gulp
,Commit
andPush
. 😋✌️