mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-16 06:07:21 +01:00
Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
861d077247 | ||
|
|
cc6a35e61d | ||
|
|
985b86c29a | ||
|
|
166bd31527 | ||
|
|
1a0a6c1806 | ||
|
|
023d9886c8 | ||
|
|
f51f0a0c93 | ||
|
|
83b2ba7688 | ||
|
|
d5ca5172d5 | ||
|
|
c677a1ffef | ||
|
|
6ef35c3f72 | ||
|
|
5759fb37d8 | ||
|
|
9f238abf93 | ||
|
|
9462e90f4f |
10
package-lock.json
generated
10
package-lock.json
generated
@@ -45,7 +45,7 @@
|
||||
"gulp-imagemin": "^7.1.0",
|
||||
"gulp.spritesmith": "^6.13.0",
|
||||
"habitica-markdown": "^3.0.0",
|
||||
"helmet": "^4.6.0",
|
||||
"helmet": "^8.1.0",
|
||||
"in-app-purchase": "^1.11.3",
|
||||
"js2xmlparser": "^5.0.0",
|
||||
"jsonwebtoken": "^9.0.2",
|
||||
@@ -12450,11 +12450,11 @@
|
||||
}
|
||||
},
|
||||
"node_modules/helmet": {
|
||||
"version": "4.6.0",
|
||||
"resolved": "https://registry.npmjs.org/helmet/-/helmet-4.6.0.tgz",
|
||||
"integrity": "sha512-HVqALKZlR95ROkrnesdhbbZJFi/rIVSoNq6f3jA/9u6MIbTsPh3xZwihjeI5+DO/2sOV6HMHooXcEOuwskHpTg==",
|
||||
"version": "8.1.0",
|
||||
"resolved": "https://registry.npmjs.org/helmet/-/helmet-8.1.0.tgz",
|
||||
"integrity": "sha512-jOiHyAZsmnr8LqoPGmCjYAaiuWwjAPLgY8ZX2XrmHawt99/u1y6RgrZMTeoPfpUbV96HOalYgz1qzkRbw54Pmg==",
|
||||
"engines": {
|
||||
"node": ">=10.0.0"
|
||||
"node": ">=18.0.0"
|
||||
}
|
||||
},
|
||||
"node_modules/hex2dec": {
|
||||
|
||||
@@ -40,7 +40,7 @@
|
||||
"gulp-imagemin": "^7.1.0",
|
||||
"gulp.spritesmith": "^6.13.0",
|
||||
"habitica-markdown": "^3.0.0",
|
||||
"helmet": "^4.6.0",
|
||||
"helmet": "^8.1.0",
|
||||
"in-app-purchase": "^1.11.3",
|
||||
"js2xmlparser": "^5.0.0",
|
||||
"jsonwebtoken": "^9.0.2",
|
||||
|
||||
@@ -491,6 +491,9 @@ export default {
|
||||
},
|
||||
methods: {
|
||||
mapProfileLinksToModal () {
|
||||
if (!this.$refs?.markdownContainer) {
|
||||
return;
|
||||
}
|
||||
const links = this.$refs.markdownContainer.getElementsByTagName('a');
|
||||
for (let i = 0; i < links.length; i += 1) {
|
||||
let link = links[i].pathname;
|
||||
|
||||
@@ -66,7 +66,35 @@ export default function attachMiddlewares (app, server) {
|
||||
// See https://helmetjs.github.io/ for the list of headers enabled by default
|
||||
app.use(helmet({
|
||||
// New middlewares added by default in Helmet 4 are disabled
|
||||
contentSecurityPolicy: false, // @TODO implement
|
||||
contentSecurityPolicy: {
|
||||
directives: {
|
||||
defaultSrc: [
|
||||
'*.habitica.com',
|
||||
'*.amazon.com',
|
||||
'*.amazonaws.com',
|
||||
'*.loggly.com',
|
||||
'*.payments-amazon.com',
|
||||
'*.stripe.com',
|
||||
'*.stripe.network',
|
||||
],
|
||||
imgSrc: [
|
||||
'*',
|
||||
'data:',
|
||||
],
|
||||
scriptSrc: [
|
||||
'\'unsafe-eval\'',
|
||||
'\'unsafe-inline\'',
|
||||
'*.habitica.com',
|
||||
'*.amazon.com',
|
||||
'*.amazonaws.com',
|
||||
'*.loggly.com',
|
||||
'*.payments-amazon.com',
|
||||
'*.stripe.com',
|
||||
'*.stripe.network',
|
||||
],
|
||||
upgradeInsecureRequests: IS_PROD ? [] : null,
|
||||
},
|
||||
},
|
||||
expectCt: false,
|
||||
permittedCrossDomainPolicies: false,
|
||||
referrerPolicy: false,
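Review bot: Neither `defaultSrc` nor `scriptSrc` lists `'self'`, and a host wildcard such as `*.habitica.com` matches subdomains only, so if the app is served from the bare domain or a local development host, its own scripts and its XHR/fetch calls (connect-src falls back to default-src) would likely be refused. I would add `"'self'",` as the first entry of both lists. With `'unsafe-inline'` and `'unsafe-eval'` in `scriptSrc` the policy does little to contain injected script, so mark them as temporary with a comment such as `// TODO: replace 'unsafe-inline'/'unsafe-eval' with nonces or hashes`, and consider a first rollout with `reportOnly: true` to collect violations before enforcing. The context comment `// New middlewares added by default in Helmet 4 are disabled` is now stale, since CSP is enabled and the dependency moves to Helmet 8, where `expectCt` appears to have been removed; confirm this against the Helmet changelog. The `helmet({ ... })` call continues past the end of this hunk, so the remaining options are not visible here.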
|
||||
|
||||