publicdata/j40-cejst-2
1
0
Fork 0
mirror of https://github.com/DOI-DO/j40-cejst-2.git synced 2025-02-22 17:44:20 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add CSP plugin

Browse source 
- OWASP flagged a minor issue with CSP. Checking if this will fix the issue
This commit is contained in:
Vim USDS 2022-07-01 10:50:37 -07:00
parent e418ebacf4
commit e571f80008
3 changed files with 36 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
client/gatsby-config.js
View file

@ -105,5 +105,21 @@ module.exports = {
sampleRate: 0.7, sampleRate: 0.7,
}, },
}, },
{
resolve: `gatsby-plugin-csp`,
options: {
disableOnDev: true,
reportOnly: false, // Changes header to Content-Security-Policy-Report-Only for csp testing purposes
mergeScriptHashes: true, // you can disable scripts sha256 hashes
mergeStyleHashes: true, // you can disable styles sha256 hashes
mergeDefaultDirectives: true,
directives: {
'script-src': '\'self\' www.google-analytics.com',
'style-src': '\'self\' \'unsafe-inline\'',
'img-src': '\'self\' data: www.google-analytics.com',
// you can add your directives or override defaults
},
},
},
], ],
}; };

19
client/package-lock.json generated
View file

@ -14,6 +14,7 @@
"@trussworks/react-uswds": "^2.9.0", "@trussworks/react-uswds": "^2.9.0",
"@turf/bbox": "^6.5.0", "@turf/bbox": "^6.5.0",
"d3-ease": "^3.0.1", "d3-ease": "^3.0.1",
"gatsby-plugin-csp": "^1.1.3",
"gatsby-plugin-env-variables": "^2.2.0", "gatsby-plugin-env-variables": "^2.2.0",
"gatsby-plugin-robots-txt": "^1.7.0", "gatsby-plugin-robots-txt": "^1.7.0",
"gatsby-plugin-sitemap": "^4.10.0", "gatsby-plugin-sitemap": "^4.10.0",
@ -11697,6 +11698,15 @@
"node": ">=12.13.0" "node": ">=12.13.0"
} }
}, },
"node_modules/gatsby-plugin-csp": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/gatsby-plugin-csp/-/gatsby-plugin-csp-1.1.3.tgz",
"integrity": "sha512-jTAdWpJXCAaqBXAmf07XVnsgHp7tdtC36XrOQUMRMrEOkEIpM+x+4X3Xma4YAmFbuGH+QKRGmbmCCRNhV//EDA==",
"dependencies": {
"@babel/runtime": "^7.0.0",
"lodash.flatten": "^4.4.0"
}
},
"node_modules/gatsby-plugin-env-variables": { "node_modules/gatsby-plugin-env-variables": {
"version": "2.2.0", "version": "2.2.0",
"resolved": "https://registry.npmjs.org/gatsby-plugin-env-variables/-/gatsby-plugin-env-variables-2.2.0.tgz", "resolved": "https://registry.npmjs.org/gatsby-plugin-env-variables/-/gatsby-plugin-env-variables-2.2.0.tgz",
@ -35666,6 +35676,15 @@
"micromatch": "^4.0.4" "micromatch": "^4.0.4"
} }
}, },
"gatsby-plugin-csp": {
"version": "1.1.3",
"resolved": "https://registry.npmjs.org/gatsby-plugin-csp/-/gatsby-plugin-csp-1.1.3.tgz",
"integrity": "sha512-jTAdWpJXCAaqBXAmf07XVnsgHp7tdtC36XrOQUMRMrEOkEIpM+x+4X3Xma4YAmFbuGH+QKRGmbmCCRNhV//EDA==",
"requires": {
"@babel/runtime": "^7.0.0",
"lodash.flatten": "^4.4.0"
}
},
"gatsby-plugin-env-variables": { "gatsby-plugin-env-variables": {
"version": "2.2.0", "version": "2.2.0",
"resolved": "https://registry.npmjs.org/gatsby-plugin-env-variables/-/gatsby-plugin-env-variables-2.2.0.tgz", "resolved": "https://registry.npmjs.org/gatsby-plugin-env-variables/-/gatsby-plugin-env-variables-2.2.0.tgz",

1
client/package.json
View file

@ -79,6 +79,7 @@
"@trussworks/react-uswds": "^2.9.0", "@trussworks/react-uswds": "^2.9.0",
"@turf/bbox": "^6.5.0", "@turf/bbox": "^6.5.0",
"d3-ease": "^3.0.1", "d3-ease": "^3.0.1",
"gatsby-plugin-csp": "^1.1.3",
"gatsby-plugin-env-variables": "^2.2.0", "gatsby-plugin-env-variables": "^2.2.0",
"gatsby-plugin-robots-txt": "^1.7.0", "gatsby-plugin-robots-txt": "^1.7.0",
"gatsby-plugin-sitemap": "^4.10.0", "gatsby-plugin-sitemap": "^4.10.0",