Removes Google Fonts. Fixes #1117
Amir Raminfar
@@ -119,7 +119,6 @@ Dozzle follows the [12-factor](https://12factor.net/) model. Configurations can
|
|||||||
Dozzle does not collect any metrics or analytics. Dozzle has a [strict](https://github.com/amir20/dozzle/blob/master/routes.go#L33-L38) Content Security Policy which only allows the following policies:
|
Dozzle does not collect any metrics or analytics. Dozzle has a [strict](https://github.com/amir20/dozzle/blob/master/routes.go#L33-L38) Content Security Policy which only allows the following policies:
|
||||||
|
|
||||||
- Allow connect to `api.github.com` to fetch most recent version.
|
- Allow connect to `api.github.com` to fetch most recent version.
|
||||||
- Allow fonts from `fonts.gstatic.com` and styles from `fonts.googleapis.com`
|
|
||||||
- Only allow `<script>` and `<style>` files from `self`
|
- Only allow `<script>` and `<style>` files from `self`
|
||||||
|
|
||||||
Dozzle opens all links with `rel="noopener"`.
|
Dozzle opens all links with `rel="noopener"`.
|
||||||
@@ -139,4 +138,3 @@ To Build and test locally:
|
|||||||
3. Install [reflex](https://github.com/cespare/reflex) with `get -u github.com/cespare/reflex` outside of dozzle.
|
3. Install [reflex](https://github.com/cespare/reflex) with `get -u github.com/cespare/reflex` outside of dozzle.
|
||||||
4. Install node modules with `yarn`.
|
4. Install node modules with `yarn`.
|
||||||
5. Do `yarn dev`
|
5. Do `yarn dev`
|
||||||
|
|
||||||
|
|||||||
@@ -64,7 +64,7 @@ export default {
|
|||||||
<style scoped lang="scss">
|
<style scoped lang="scss">
|
||||||
.events {
|
.events {
|
||||||
padding: 10px;
|
padding: 10px;
|
||||||
font-family: "Roboto Mono", monaco, monospace;
|
font-family: monaco, monospace;
|
||||||
|
|
||||||
& > li {
|
& > li {
|
||||||
word-wrap: break-word;
|
word-wrap: break-word;
|
||||||
|
|||||||
@@ -4,10 +4,6 @@
|
|||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
<title>Dozzle</title>
|
<title>Dozzle</title>
|
||||||
<link
|
|
||||||
href="https://fonts.googleapis.com/css2?family=Roboto:wght@300;400&family=Roboto+Mono&display=swap"
|
|
||||||
rel="stylesheet"
|
|
||||||
/>
|
|
||||||
<script type="application/json" id="config__json">
|
<script type="application/json" id="config__json">
|
||||||
{
|
{
|
||||||
"base": "{{ .Base }}",
|
"base": "{{ .Base }}",
|
||||||
|
|||||||
|
Before Width: | Height: | Size: 36 KiB After Width: | Height: | Size: 41 KiB |
|
Before Width: | Height: | Size: 35 KiB After Width: | Height: | Size: 38 KiB |
|
Before Width: | Height: | Size: 68 KiB After Width: | Height: | Size: 69 KiB |
|
Before Width: | Height: | Size: 78 KiB After Width: | Height: | Size: 77 KiB |
|
Before Width: | Height: | Size: 35 KiB After Width: | Height: | Size: 39 KiB |
|
Before Width: | Height: | Size: 70 KiB After Width: | Height: | Size: 70 KiB |
|
Before Width: | Height: | Size: 79 KiB After Width: | Height: | Size: 79 KiB |
@@ -1,7 +1,7 @@
|
|||||||
/* snapshot: Test_createRoutes_foobar */
|
/* snapshot: Test_createRoutes_foobar */
|
||||||
HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
||||||
Connection: close
|
Connection: close
|
||||||
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self'; manifest-src 'self'; font-src fonts.gstatic.com; connect-src 'self' api.github.com; require-trusted-types-for 'script'
|
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; manifest-src 'self'; connect-src 'self' api.github.com; require-trusted-types-for 'script'
|
||||||
Content-Type: text/plain; charset=utf-8
|
Content-Type: text/plain; charset=utf-8
|
||||||
|
|
||||||
foo page
|
foo page
|
||||||
@@ -9,7 +9,7 @@ foo page
|
|||||||
/* snapshot: Test_createRoutes_index */
|
/* snapshot: Test_createRoutes_index */
|
||||||
HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
||||||
Connection: close
|
Connection: close
|
||||||
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self'; manifest-src 'self'; font-src fonts.gstatic.com; connect-src 'self' api.github.com; require-trusted-types-for 'script'
|
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; manifest-src 'self'; connect-src 'self' api.github.com; require-trusted-types-for 'script'
|
||||||
Content-Type: text/plain; charset=utf-8
|
Content-Type: text/plain; charset=utf-8
|
||||||
|
|
||||||
index page
|
index page
|
||||||
@@ -17,7 +17,7 @@ index page
|
|||||||
/* snapshot: Test_createRoutes_redirect */
|
/* snapshot: Test_createRoutes_redirect */
|
||||||
HTTP/1.1 301 Moved Permanently
|
HTTP/1.1 301 Moved Permanently
|
||||||
Connection: close
|
Connection: close
|
||||||
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self'; manifest-src 'self'; font-src fonts.gstatic.com; connect-src 'self' api.github.com; require-trusted-types-for 'script'
|
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; manifest-src 'self'; connect-src 'self' api.github.com; require-trusted-types-for 'script'
|
||||||
Content-Type: text/html; charset=utf-8
|
Content-Type: text/html; charset=utf-8
|
||||||
Location: /foobar/
|
Location: /foobar/
|
||||||
|
|
||||||
@@ -26,7 +26,7 @@ Location: /foobar/
|
|||||||
/* snapshot: Test_createRoutes_version */
|
/* snapshot: Test_createRoutes_version */
|
||||||
HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
||||||
Connection: close
|
Connection: close
|
||||||
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self'; manifest-src 'self'; font-src fonts.gstatic.com; connect-src 'self' api.github.com; require-trusted-types-for 'script'
|
Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; manifest-src 'self'; connect-src 'self' api.github.com; require-trusted-types-for 'script'
|
||||||
Content-Type: text/plain; charset=utf-8
|
Content-Type: text/plain; charset=utf-8
|
||||||
|
|
||||||
dev
|
dev
|
||||||
|
|||||||
@@ -83,7 +83,7 @@ func createRouter(h *handler) *mux.Router {
|
|||||||
|
|
||||||
func setCSPHeaders(next http.Handler) http.Handler {
|
func setCSPHeaders(next http.Handler) http.Handler {
|
||||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
w.Header().Set("Content-Security-Policy", "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self'; manifest-src 'self'; font-src fonts.gstatic.com; connect-src 'self' api.github.com; require-trusted-types-for 'script'")
|
w.Header().Set("Content-Security-Policy", "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; manifest-src 'self'; connect-src 'self' api.github.com; require-trusted-types-for 'script'")
|
||||||
next.ServeHTTP(w, r)
|
next.ServeHTTP(w, r)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|||||||