Skip to content

Commit 146a7a6

Browse files
aiai
committed
Fix 404/500 pages CSP conflict and replace sha512 to sha256 to reduce headers size
1 parent d59abe1 commit 146a7a6

File tree

4 files changed

+27
-16
lines changed

4 files changed

+27
-16
lines changed

web/nginx.conf

+1-1
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ http {
4141

4242
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
4343
add_header X-Content-Type-Options "nosniff";
44-
add_header Content-Security-Policy "object-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'none'; style-src 'sha512-PHkQqFB5xMOzIlQKtIwhvRMW/am07I/znOSfv/p3q7zZbVRgV9NoARcwG+FSMrIMHMTKfvMD8o8PYiOYBY6fEA==' 'self'; script-src 'sha512-Rczlh6VlA4INB1ZfGQtFefldgg2D6I9iD9zuroBG15QQTjqzVczclCYoKfEqD+h5ifMmhc0d+UMAbd4fpudT3w==' 'self'";
44+
add_header Content-Security-Policy "object-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'none'; style-src 'sha256-J1yr9jnezHa8fgkMcmmOquKcdW3HPJID3HI4njG+hY8=' 'sha256-CZnb1TLE7y6wqURRr67r0i61eIyy5Pondy3oQa/vFuc=' 'self'; script-src 'sha256-u5afvzrVcDGTOxeBQWnrSgxFv/EOJ2lqLAWD6qzSSY8=' 'self'";
4545

4646
location ~* __ROUTES__ {
4747
try_files /index.html =404;

web/public/404.html

+3-1
Original file line numberDiff line numberDiff line change
@@ -64,9 +64,11 @@
6464
fill: oklch(0.58 0.2 29);
6565
width: 200px;
6666
position: absolute;
67-
z-index: 2;
6867
top: -20%;
6968
left: -40%;
69+
&.is-below {
70+
z-index: -1;
71+
}
7072
}
7173
.object {
7274
fill: currentColor;

web/public/500.html

+4-2
Original file line numberDiff line numberDiff line change
@@ -64,9 +64,11 @@
6464
fill: oklch(0.58 0.2 29);
6565
width: 200px;
6666
position: absolute;
67-
z-index: -1;
6867
top: -20%;
6968
left: -40%;
69+
&.is-below {
70+
z-index: -1;
71+
}
7072
}
7173
.object {
7274
fill: currentColor;
@@ -84,7 +86,7 @@
8486
Home
8587
</a>
8688
<div class="image">
87-
<svg viewBox="0 0 24 24" class="fire">
89+
<svg viewBox="0 0 24 24" class="fire is-below">
8890
<path
8991
d="M17.66 11.2C17.43 10.9 17.15 10.64 16.89 10.38C16.22 9.78 15.46 9.35 14.82 8.72C13.33 7.26 13 4.85 13.95 3C13 3.23 12.17 3.75 11.46 4.32C8.87 6.4 7.85 10.07 9.07 13.22C9.11 13.32 9.15 13.42 9.15 13.55C9.15 13.77 9 13.97 8.8 14.05C8.57 14.15 8.33 14.09 8.14 13.93C8.08 13.88 8.04 13.83 8 13.76C6.87 12.33 6.69 10.28 7.45 8.64C5.78 10 4.87 12.3 5 14.47C5.06 14.97 5.12 15.47 5.29 15.97C5.43 16.57 5.7 17.17 6 17.7C7.08 19.43 8.95 20.67 10.96 20.92C13.1 21.19 15.39 20.8 17.03 19.32C18.86 17.66 19.5 15 18.56 12.72L18.43 12.46C18.22 12 17.66 11.2 17.66 11.2M14.5 17.5C14.22 17.74 13.76 18 13.4 18.1C12.28 18.5 11.16 17.94 10.5 17.28C11.69 17 12.4 16.12 12.61 15.23C12.78 14.43 12.46 13.77 12.33 13C12.21 12.26 12.23 11.63 12.5 10.94C12.69 11.32 12.89 11.7 13.13 12C13.9 13 15.11 13.44 15.37 14.8C15.41 14.94 15.43 15.08 15.43 15.23C15.46 16.05 15.1 16.95 14.5 17.5H14.5Z"
9092
/>

web/scripts/generate-csp.ts

+19-12
Original file line numberDiff line numberDiff line change
@@ -3,25 +3,32 @@
33
// to nginx config.
44

55
import { createHash } from 'node:crypto'
6-
import { readFileSync, writeFileSync } from 'node:fs'
6+
import { readFile, writeFile } from 'node:fs/promises'
77
import { join } from 'node:path'
88

99
const NGINX = join(import.meta.dirname, '../nginx.conf')
10-
const HTML = join(import.meta.dirname, '../dist/index.html')
10+
const LOADER = join(import.meta.dirname, '../dist/index.html')
11+
const ERROR = join(import.meta.dirname, '../dist/404.html')
1112

12-
function sha512(content: string): string {
13-
return createHash('sha512').update(content, 'utf8').digest('base64')
13+
function hash(content: string): string {
14+
return `'sha256-${createHash('sha256').update(content, 'utf8').digest('base64')}'`
1415
}
1516

16-
let html = readFileSync(HTML, 'utf8')
17-
let css = html.match(/<style>([\s\S]*?)<\/style>/)![1]!
18-
let js = html.match(/<script>([\s\S]*?)<\/script>/)![1]!
19-
20-
let nginx = readFileSync(NGINX, 'utf8')
17+
let [loader, error, nginx] = await Promise.all([
18+
readFile(LOADER, 'utf8'),
19+
readFile(ERROR, 'utf8'),
20+
readFile(NGINX, 'utf8')
21+
])
22+
let loaderCSS = loader.match(/<style>([\s\S]*?)<\/style>/)![1]!
23+
let errorCSS = error.match(/<style>([\s\S]*?)<\/style>/)![1]!
24+
let loaderJS = loader.match(/<script>([\s\S]*?)<\/script>/)![1]!
2125

2226
nginx = nginx
2327
.toString()
24-
.replace(/(style-src 'sha512-)[^']+'/g, `$1${sha512(css)}'`)
25-
.replace(/(script-src 'sha512-)[^']+'/g, `$1${sha512(js)}'`)
28+
.replace(
29+
/style-src 'sha\d+-[^']+' 'sha\d+-[^']+'/g,
30+
`style-src ${hash(loaderCSS)} ${hash(errorCSS)}`
31+
)
32+
.replace(/script-src 'sha\d+-[^']+'/g, `script-src ${hash(loaderJS)}`)
2633

27-
writeFileSync(NGINX, nginx)
34+
await writeFile(NGINX, nginx)

0 commit comments

Comments
 (0)