change our CSP to allow data: for connect-src, which is used by Shoelace to "load" icons

ralf 2022-06-13 13:19:54 +02:00
parent b24b6b42e4
commit 669f679fbc
2 changed files with 3 additions and 20 deletions


@ -14,26 +14,6 @@ registerIconLibrary('default', {
}, },
}); });
/**
* Override some shoelace icons with EGroupware icons
* In particular, the data: ones give errors with our CSP
* hacky hack to temporarily work around until CSP issue is fixed
*
* @see https://my.egroupware.org/egw/index.php?menuaction=tracker.tracker_ui.edit&tr_id=68774
*/
const egw_icons = {'chevron-down': 'arrow_down', 'x': 'close', 'x-circle-fill': 'close'}
registerIconLibrary("system", {
resolver: (name) =>
{
if(egw_icons[name] && egw)
{
return `${egw.webserverUrl}/pixelegg/images/${egw_icons[name]}.svg`;
}
return "";
}
});
/** /**
* Customise shoelace styles to match our stuff * Customise shoelace styles to match our stuff
* External CSS will override this * External CSS will override this


@ -80,6 +80,9 @@ class ContentSecurityPolicy
} }
self::$sources[$source] = []; self::$sources[$source] = [];
} }
// Shoelace needs connect-src: data:
if ($source === 'connect-src') /** @noinspection UnsupportedStringOffsetOperationsInspection */ $attrs[] = 'data:';
foreach((array)$attrs as $attr) foreach((array)$attrs as $attr)
{ {
if (in_array($attr, array('none', 'self', 'unsafe-eval', 'unsafe-inline'))) if (in_array($attr, array('none', 'self', 'unsafe-eval', 'unsafe-inline')))
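Review bot: The added `$attrs[] = 'data:';` line assumes `$attrs` is already an array, but the `(array)$attrs` cast in the `foreach` directly below and the suppressed `UnsupportedStringOffsetOperationsInspection` both suggest callers may pass a plain string, and on PHP 7.1 and later `[]` on a string throws an Error rather than converting it. Normalising first removes the need for the suppression: `if ($source === 'connect-src') $attrs = array_merge((array)$attrs, ['data:']);`. Because this loosens the policy on every response, the comment should also record the intended scope, for example `// Shoelace fetches its system icons from data: URIs; keep data: limited to connect-src, never add it to script-src or object-src`. The enclosing method starts and ends outside the hunk, so the declared type of `$attrs` and whether repeated calls accumulate duplicate `data:` entries cannot be confirmed from here.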