| Field | Value |
|---|---|
| author | BlackDex <[email protected]>, 2022-12-28 20:05:10 +0100 |
| committer | BlackDex <[email protected]>, 2022-12-31 22:17:16 +0100 |
| commit | 613b2519edc53dfcc7f82ea4e402ff846ab9cc04 |
| tree | db9265109e84533fc33aeeb522634c9d7dd4ade3 (/src/api/web.rs) |
| parent | 10dadfca068ed449fcd4a74b70ae2cd83990d3d4 |
| download | vaultwarden-613b2519edc53dfcc7f82ea4e402ff846ab9cc04.tar.gz, vaultwarden-613b2519edc53dfcc7f82ea4e402ff846ab9cc04.zip |
Removed unsafe-inline JS from CSP and other fixes
- Removed `unsafe-inline` for JavaScript from the CSP.
  The admin interface now uses files instead of inline JavaScript.
- Modified the JavaScript to work when not inline.
- Ran eslint over the JavaScript and fixed some items.
- Added a `to_json` Handlebars helper.
  Used on the diagnostics page.
- Changed the `AdminTemplateData` struct to be smaller.
  The `config` was always added, but only used on one page.
  Same goes for `can_backup` and `version`.
- Also inlined CSS.
  We can't remove `unsafe-inline` for CSS, because that seems to
  break the web-vault currently. That might need some further checks.
  But for now the 404 page and all the admin pages are clear of inline scripts and styles.
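The property this commit is after is that the `Content-Security-Policy` header no longer lets an injected inline `<script>` execute on the admin pages, while inline styles are still tolerated for now. As an added example (not code from the Vaultwarden commit or the project), here is a small Rust checker that parses a CSP header value and answers exactly that question for `script-src` and `style-src`. It applies three rules a practitioner tends to forget when eyeballing a header: a missing fetch directive falls back to `default-src`; no directive at all means no restriction; and browsers ignore `'unsafe-inline'` when the same source list also carries a nonce or hash. The two policy strings `CSP_BEFORE` and `CSP_AFTER` are constructed to match the shape the commit message describes and are not Vaultwarden's actual header.

```rust
use std::collections::HashMap;

/// Constructed "before" policy, in the shape the commit message describes:
/// both script-src and style-src still carry 'unsafe-inline'. Illustrative
/// only; this is not Vaultwarden's actual header.
pub const CSP_BEFORE: &str =
    "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";

/// Constructed "after" policy: 'unsafe-inline' dropped from script-src, kept
/// for style-src (the commit notes that removing it there breaks the web-vault).
pub const CSP_AFTER: &str =
    "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'";

/// Parse a Content-Security-Policy header value into directive -> source list.
/// Directive names are ASCII case-insensitive; when a directive is repeated,
/// browsers honour the first occurrence and ignore the rest, so we do the same.
pub fn parse_csp(header: &str) -> HashMap<String, Vec<String>> {
    let mut policy = HashMap::new();
    for directive in header.split(';') {
        let mut tokens = directive.split_whitespace();
        if let Some(name) = tokens.next() {
            let sources: Vec<String> = tokens.map(str::to_string).collect();
            policy.entry(name.to_ascii_lowercase()).or_insert(sources);
        }
    }
    policy
}

/// True if an attacker-injected inline <script> / <style> (carrying no nonce
/// and matching no hash) would be allowed under `directive`.
///
/// Rules applied:
/// - an absent fetch directive falls back to default-src;
/// - neither present means the policy does not restrict that type at all;
/// - 'unsafe-inline' is ignored by CSP Level 2+ browsers when the same source
///   list also contains a nonce- or hash-source (the backwards-compat rule).
pub fn allows_arbitrary_inline(policy: &HashMap<String, Vec<String>>, directive: &str) -> bool {
    let sources = match policy.get(directive).or_else(|| policy.get("default-src")) {
        Some(sources) => sources,
        None => return true,
    };
    let has_nonce_or_hash = sources.iter().any(|src| {
        let keyword = src.trim_matches('\'');
        keyword.starts_with("nonce-")
            || keyword.starts_with("sha256-")
            || keyword.starts_with("sha384-")
            || keyword.starts_with("sha512-")
    });
    if has_nonce_or_hash {
        return false;
    }
    sources.iter().any(|src| src.eq_ignore_ascii_case("'unsafe-inline'"))
}

/// Report (inline scripts allowed?, inline styles allowed?) for one header value.
pub fn inline_report(header: &str) -> (bool, bool) {
    let policy = parse_csp(header);
    (
        allows_arbitrary_inline(&policy, "script-src"),
        allows_arbitrary_inline(&policy, "style-src"),
    )
}

fn main() {
    for &(label, header) in &[("before", CSP_BEFORE), ("after", CSP_AFTER)] {
        let (scripts, styles) = inline_report(header);
        println!(
            "{}: inline scripts allowed = {}, inline styles allowed = {}",
            label, scripts, styles
        );
    }
}
```

Run it against the real header by pasting the value of `Content-Security-Policy` from a response for `/admin` into `inline_report`; the expected answer after this commit is `(false, true)`, and a `(true, _)` on the admin pages means `'unsafe-inline'` (or a missing `script-src` with a permissive `default-src`) is still in play.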
Diffstat (limited to 'src/api/web.rs')

| Mode | File | Changes |
|---|---|---|
| -rw-r--r-- | src/api/web.rs | 11 |

1 file changed, 11 insertions, 0 deletions
diff --git a/src/api/web.rs b/src/api/web.rs index 3742a088..b8d1bb51 100644 --- a/src/api/web.rs +++ b/src/api/web.rs @@ -102,6 +102,17 @@ pub fn static_files(filename: String) -> Result<(ContentType, &'static [u8]), Er "hibp.png" => Ok((ContentType::PNG, include_bytes!("../static/images/hibp.png"))), "vaultwarden-icon.png" => Ok((ContentType::PNG, include_bytes!("../static/images/vaultwarden-icon.png"))), "vaultwarden-favicon.png" => Ok((ContentType::PNG, include_bytes!("../static/images/vaultwarden-favicon.png"))), + "404.css" => Ok((ContentType::CSS, include_bytes!("../static/scripts/404.css"))), + "admin.css" => Ok((ContentType::CSS, include_bytes!("../static/scripts/admin.css"))), + "admin.js" => Ok((ContentType::JavaScript, include_bytes!("../static/scripts/admin.js"))), + "admin_settings.js" => Ok((ContentType::JavaScript, include_bytes!("../static/scripts/admin_settings.js"))), + "admin_users.js" => Ok((ContentType::JavaScript, include_bytes!("../static/scripts/admin_users.js"))), + "admin_organizations.js" => { + Ok((ContentType::JavaScript, include_bytes!("../static/scripts/admin_organizations.js"))) + } + "admin_diagnostics.js" => { + Ok((ContentType::JavaScript, include_bytes!("../static/scripts/admin_diagnostics.js"))) + } "bootstrap.css" => Ok((ContentType::CSS, include_bytes!("../static/scripts/bootstrap.css"))), "bootstrap-native.js" => Ok((ContentType::JavaScript, include_bytes!("../static/scripts/bootstrap-native.js"))), "jdenticon.js" => Ok((ContentType::JavaScript, include_bytes!("../static/scripts/jdenticon.js"))), |
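Review bot: each new arm spells the asset name twice, once as the match key and once inside `include_bytes!("../static/scripts/...")`, so a typo in either half compiles fine (the path is only checked for existence) and surfaces as a 404 when the admin page loads without its script; now that there is no inline fallback under the tightened CSP, a small macro or helper that derives the path from the key would keep the two halves in lock-step and also remove the odd one-line versus block-body formatting between `admin_users.js` and `admin_organizations.js`. Two smaller points: `404.css` and `admin.css` land in `../static/scripts/` next to the JavaScript (consistent with the existing `bootstrap.css`, but a `styles/` directory would read better as the set grows), and the return type `Result<(ContentType, &'static [u8]), Error_>` carries no cache validator, so browsers may keep a stale `admin.js` across an upgrade unless the templates cache-bust the URL or an ETag/Cache-Control is added here. The `script-src` header change that these routes exist to enable is outside this diffstat and should be reviewed together with this file.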