Merge pull request #401 from sparcs-kaist/hotfix/channel-csp
Fix prod ChannelTalk errors
injoonH authored Sep 15, 2023
2 parents c684041 + 8141597 commit 0fd6204
Showing 2 changed files with 25 additions and 24 deletions.
24 changes: 18 additions & 6 deletions nginx/nginx-production.conf
Expand Up @@ -5,23 +5,35 @@ server {
server_name _;

location / {
set $CSP "default-src 'self' 'unsafe-inline' newara.sparcs.org blob: "; # Default rules for new-ara
set $CSP "${CSP}*.googleapis.com *.gstatic.com https://www.google-analytics.com "; # Default rules for google fonts, google analytics
set $CSP "${CSP}https://analytics.google.com; "; # Default rules for google analytics
set $CSP "${CSP}object-src 'self'; "; # Disallow Objects
# See this link for more information about CSP
# https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# https://content-security-policy.com/
set $CSP "default-src 'self' 'unsafe-inline' newara.sparcs.org "; # Default rules for new-ara
set $CSP "${CSP}*.channel.io *.cdninstagram.com "; # Default rules for channeltalk
set $CSP "${CSP}blob: *.googleapis.com *.gstatic.com "; # Default rules for google fonts, google analytics
set $CSP "${CSP}https://www.google-analytics.com https://analytics.google.com; "; # Default rules for google analytics

set $CSP "${CSP}object-src 'self'; "; # Disallow Objects
set $CSP "${CSP}connect-src 'self' *.channel.io *.sentry.io wss://*.channel.io "; # Connect rules for channeltalk (1/2)
set $CSP "${CSP}wss://*.desk-ws.channel.io wss://*.front-ws.channel.io "; # Connect rules for channeltalk (2/2)
set $CSP "${CSP}https://www.google-analytics.com https://analytics.google.com; "; # Connect rules for google analytics

set $CSP "${CSP}img-src * data: blob:; "; # Image rules for new-ara (allow all, data, blobs)

set $CSP "${CSP}script-src 'self' "; # Script rules for new-ara
set $CSP "${CSP}*.channel.io *.sentry-cdn.com "; # Script rules for channeltalk
set $CSP "${CSP}*.googleapis.com https://www.google-analytics.com "; # Script rules for google analytics (1/3)
set $CSP "${CSP}https://ssl.google-analytics.com https://www.googletagmanager.com "; # Script rules for google analytics (2/3)
set $CSP "${CSP}'sha512-e/cuSC5V9VDB1AUGqvPz2BwaJ2W83fduZ4RZjXHMtjQrLS0j06MAtFP//Iz9EL55MSm7SNBtyFYlDkmxdif/jg=='";
set $CSP "${CSP}'sha512-e/cuSC5V9VDB1AUGqvPz2BwaJ2W83fduZ4RZjXHMtjQrLS0j06MAtFP//Iz9EL55MSm7SNBtyFYlDkmxdif/jg=='; ";
# Script rules for google analytics (3/3)
# > From our inline script in index.html
set $CSP "${CSP}https://cdn.channel.io;"; # Script rules for channel

add_header Content-Security-Policy $CSP always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000";
add_header Referrer-Policy "origin";

root /usr/share/nginx/newara;
try_files $uri $uri/ /index.html;
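Review bot: The two entries on the added line `wss://*.desk-ws.channel.io wss://*.front-ws.channel.io` are already covered by `wss://*.channel.io` on the line before it, because a `*.` host-source matches any number of leading labels; the line can be dropped, or its comment should say why the narrower hosts are spelled out. The rebuilt policy still declares no `frame-ancestors`, `base-uri` or `form-action`, and none of those fall back to `default-src`; `X-Frame-Options DENY` below covers framing for browsers that ignore CSP, but a line such as `set $CSP "${CSP}frame-ancestors 'none'; base-uri 'self'; ";` would make the policy self-contained. Since the new `default-src` carries `'unsafe-inline'` plus the channel.io, cdninstagram and Google hosts, every directive not named explicitly (style-src, font-src, frame-src, media-src) inherits that whole list, which is worth stating on the `# Default rules for new-ara` comment so later edits do not widen it unknowingly. The `location /` block opened in this hunk closes outside it.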
25 changes: 7 additions & 18 deletions src/components/TheFooter.vue
Expand Up @@ -65,12 +65,6 @@ export default {
TermsPopup
},
data () {
return {
isChannelOpen: false
}
},
computed: {
agreeTosAt () {
return this.$store.state.auth.userProfile?.agree_terms_of_service_at
Expand All @@ -79,18 +73,13 @@ export default {
methods: {
openChannelService () {
this.isChannelOpen = !this.isChannelOpen
if (this.isChannelOpen) {
ChannelService.updateUser({
profile: {
name: this.$store.state.auth.userProfile?.nickname,
email: this.$store.state.auth.userProfile?.email
}
})
ChannelService.showMessenger()
} else {
ChannelService.hideMessenger()
}
ChannelService.updateUser({
profile: {
name: this.$store.state.auth.userProfile?.nickname,
email: this.$store.state.auth.userProfile?.email
}
})
ChannelService.showMessenger()
}
}
}
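Review bot: `openChannelService` now calls `ChannelService.updateUser` on every click with `name` and `email` read through `userProfile?.`, so when no user is logged in it still sends a profile whose fields are `undefined` to ChannelTalk; read the profile once and guard the call, e.g. `const profile = this.$store.state.auth.userProfile` followed by `if (profile) ChannelService.updateUser({ profile: { name: profile.nickname, email: profile.email } })` before `ChannelService.showMessenger()`. The `isChannelOpen` data field removed in the first hunk of this file may still be referenced by the template, which is not visible here; if it is, that binding now evaluates to `undefined`. Handing the nickname and email to a third-party messenger looks intentional, but a one-line comment on the `updateUser` call naming it as a PII transfer to ChannelTalk would make the data flow explicit for the next reviewer.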
