Merge pull request #1649 from SUI-Components/feat/csp-report
feat(packages/sui-ssr):
Sabri1209 authored Oct 19, 2023
2 parents 81ed960 + 18c7deb commit 7afe9d6
Showing 4 changed files with 15 additions and 1 deletion.
1 change: 1 addition & 0 deletions packages/sui-ssr/hooks-types.js
Expand Up @@ -7,6 +7,7 @@ export default {
PRE_HEALTH: 'pre_health',
SETUP_CONTEXT: 'setup_context',
PRE_SSR_HANDLER: 'pre_ssr_handler',
CSP_REPORT: 'csp-report',
PRE_STATIC_PUBLIC: 'pre_static_public',
ROUTE_MATCHING: 'route_matching'
}
2 changes: 2 additions & 0 deletions packages/sui-ssr/server/hooksFactory/index.js
Expand Up @@ -114,6 +114,8 @@ export const hooksFactory = async () => {
return next()
},
[TYPES.LOGGING]: NULL_MDWL,
[TYPES.CSP_REPORT]: (req, res) =>
res.status(200).json({message: 'Tracking disabled'}),
[TYPES.PRE_STATIC_PUBLIC]: NULL_MDWL,
[TYPES.SETUP_CONTEXT]: async (req, res, next) => {
const startContextCreationTime = process.hrtime()
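Review bot: The default `[TYPES.CSP_REPORT]` entry carries no comment saying that it acknowledges and drops every report, or that a project has to override the hook to collect anything. As registered in server/index.js the route sits ahead of `basicAuth`, so `req.body` in an overriding hook is whatever any client chose to POST; I would add above the entry `// Default: acknowledge and drop the report. Override to collect; req.body is untrusted client input, so validate and bound it before logging or forwarding.` Browsers ignore the response body of a report request, so `res.status(204).end()` would do in place of the JSON message. The object literal inside `hooksFactory` starts and ends outside the hunk.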
8 changes: 8 additions & 0 deletions packages/sui-ssr/server/index.js
@@ -1,4 +1,5 @@
/* eslint no-console:0 */
import bodyParser from 'body-parser'
import compression from 'compression'
import express from 'express'
import basicAuth from 'express-basic-auth'
Expand Down Expand Up @@ -56,6 +57,13 @@ const _memoizedHtmlTemplatesMapping = {}

app.use(hooks[TYPES.ROUTE_MATCHING])
app.use(hooks[TYPES.LOGGING])

app.post(
`/${TYPES.CSP_REPORT}`,
bodyParser.json({type: 'application/csp-report'}),
hooks[TYPES.CSP_REPORT]
)

runningUnderAuth && app.use(basicAuth(AUTH_DEFINITION))
app.use(express.static('statics'))

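Review bot: The new `app.post` route is registered ahead of `basicAuth`, so it accepts POSTs from any client even when `runningUnderAuth` is set, and the parser is left at body-parser's default size limit (100kb). A report endpoint needs far less, so an explicit cap such as `bodyParser.json({type: 'application/csp-report', limit: '10kb'}),` would be safer, and rate limiting is worth considering once a project overrides the hook to store or forward reports. Malformed JSON makes the parser call `next(err)`; no error handler is visible in this hunk, so it is worth confirming that the resulting response does not expose a stack trace. A one-line comment above the route explaining why it sits before the auth middleware would help the next reader.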
5 changes: 4 additions & 1 deletion packages/sui-ssr/server/middlewares/ssr.js
Expand Up @@ -37,6 +37,8 @@ try {
const HEAD_OPENING_TAG = '<head>'
const HEAD_CLOSING_TAG = '</head>'

const CSP_REPORT_PATH = '/csp-report'

const formatServerTimingHeader = metrics =>
Object.entries(metrics)
.reduce((acc, [name, value]) => `${acc}${name};dur=${value},`, '')
Expand Down Expand Up @@ -206,7 +208,8 @@ export default async (req, res, next) => {
'Server-Timing': formatServerTimingHeader({
...performance,
...ssrPerformance
})
}),
'Content-Security-Policy-Report-Only': `default-src 'self'; report-uri ${CSP_REPORT_PATH}`
})
res.write(HtmlBuilder.buildHead({headTplPart, headString, htmlAttributes}))
res.flush()
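Review bot: `const CSP_REPORT_PATH = '/csp-report'` repeats the path that server/index.js builds from `TYPES.CSP_REPORT`, so the header and the route can drift apart if either is renamed; deriving the constant from `TYPES.CSP_REPORT` (assuming the hook types can be imported in this file) would keep a single source of truth. The policy `default-src 'self'` is also hard-coded and sent on every SSR response, with no visible way to configure it or switch it off. A site that loads third-party scripts, styles or images will therefore trigger a report for each violating resource on each page view, all of which the default hook drops. Consider making the policy string configurable and emitting the header only when a project has supplied its own report hook. The default-exported handler starts and ends outside the hunk.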
