From 28b158c7487ca2e2079330e30b7be8ba0b57749f Mon Sep 17 00:00:00 2001
From: "Matt (IPv4) Cowley" <me@mattcowley.co.uk>
Date: Sat, 29 May 2021 13:17:41 +0100
Subject: [PATCH] Improve WordPress CSP warning detection (#273)

---
 .../i18n/en/templates/global_sections/security.js     |  4 ++--
 .../i18n/fr/templates/global_sections/security.js     |  2 +-
 .../i18n/pt-br/templates/global_sections/security.js  |  4 ++--
 .../i18n/ru/templates/global_sections/security.js     |  2 +-
 .../i18n/zh-cn/templates/global_sections/security.js  |  4 ++--
 .../i18n/zh-tw/templates/global_sections/security.js  |  4 ++--
 .../templates/global_sections/security.vue            | 11 ++++++-----
 7 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/nginxconfig/i18n/en/templates/global_sections/security.js b/src/nginxconfig/i18n/en/templates/global_sections/security.js
index ba3960a..fec968f 100644
--- a/src/nginxconfig/i18n/en/templates/global_sections/security.js
+++ b/src/nginxconfig/i18n/en/templates/global_sections/security.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2020 DigitalOcean
+Copyright 2021 DigitalOcean
 
 This code is licensed under the MIT License.
 You may obtain a copy of the License at
@@ -27,6 +27,6 @@ THE SOFTWARE.
 import common from '../../common';
 
 export default {
-    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `When using ${common.wordPress}, <code class="slim">'unsafe-eval'</code> is often required in the Content Security Policy to allow the admin panel to function correctly.`,
+    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `When using ${common.wordPress}, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code> is often required in the Content Security Policy to allow the admin panel to function correctly.`,
     security: 'Security',
 };
diff --git a/src/nginxconfig/i18n/fr/templates/global_sections/security.js b/src/nginxconfig/i18n/fr/templates/global_sections/security.js
index 9af5084..3ddc4af 100644
--- a/src/nginxconfig/i18n/fr/templates/global_sections/security.js
+++ b/src/nginxconfig/i18n/fr/templates/global_sections/security.js
@@ -27,6 +27,6 @@ THE SOFTWARE.
 import common from '../../common';
 
 export default {
-    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Lors de l'utilisation de ${common.wordPress}, <code class="slim">'unsafe-eval'</code> est fréquemment exigé par la Politique de Sécurité du Contenu pour assurer le bon fonctionnement du panneau d'administration.`,
+    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Lors de l'utilisation de ${common.wordPress}, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code> est fréquemment exigé par la Politique de Sécurité du Contenu pour assurer le bon fonctionnement du panneau d'administration.`,
     security: 'Sécurité',
 };
diff --git a/src/nginxconfig/i18n/pt-br/templates/global_sections/security.js b/src/nginxconfig/i18n/pt-br/templates/global_sections/security.js
index 7003e3d..14bd1d1 100644
--- a/src/nginxconfig/i18n/pt-br/templates/global_sections/security.js
+++ b/src/nginxconfig/i18n/pt-br/templates/global_sections/security.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2020 DigitalOcean
+Copyright 2021 DigitalOcean
 
 This code is licensed under the MIT License.
 You may obtain a copy of the License at
@@ -27,6 +27,6 @@ THE SOFTWARE.
 import common from '../../common';
 
 export default {
-    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Ao utilizar o ${common.wordPress}, <code class="slim">'unsafe-eval'</code> é frequentemente exigido na Política de Segurança de Conteúdo para permitir que o painel de administração funcione corretamente.`,
+    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Ao utilizar o ${common.wordPress}, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code> é frequentemente exigido na Política de Segurança de Conteúdo para permitir que o painel de administração funcione corretamente.`,
     security: 'Segurança',
 };
diff --git a/src/nginxconfig/i18n/ru/templates/global_sections/security.js b/src/nginxconfig/i18n/ru/templates/global_sections/security.js
index 1415f70..6ad03dc 100644
--- a/src/nginxconfig/i18n/ru/templates/global_sections/security.js
+++ b/src/nginxconfig/i18n/ru/templates/global_sections/security.js
@@ -27,6 +27,6 @@ THE SOFTWARE.
 import common from '../../common';
 
 export default {
-    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Во время использования ${common.wordPress}, <code class="slim">'unsafe-eval'</code> часто требуется в Content Security Policy, чтобы панель администратора работала исправно.`,
+    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Во время использования ${common.wordPress}, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code> часто требуется в Content Security Policy, чтобы панель администратора работала исправно.`,
     security: 'Безопасность',
 };
diff --git a/src/nginxconfig/i18n/zh-cn/templates/global_sections/security.js b/src/nginxconfig/i18n/zh-cn/templates/global_sections/security.js
index eb90e4c..6147f2c 100644
--- a/src/nginxconfig/i18n/zh-cn/templates/global_sections/security.js
+++ b/src/nginxconfig/i18n/zh-cn/templates/global_sections/security.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2020 DigitalOcean
+Copyright 2021 DigitalOcean
 
 This code is licensed under the MIT License.
 You may obtain a copy of the License at
@@ -27,6 +27,6 @@ THE SOFTWARE.
 import common from '../../common';
 
 export default {
-    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `当使用${common.wordPress}时，, <code class="slim">'unsafe-eval'</code>经常需要在内容安全策略中，以允许管理面板的功能正确。`,
+    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `当使用${common.wordPress}时，, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code>经常需要在内容安全策略中，以允许管理面板的功能正确。`,
     security: '安全',
 };
diff --git a/src/nginxconfig/i18n/zh-tw/templates/global_sections/security.js b/src/nginxconfig/i18n/zh-tw/templates/global_sections/security.js
index 245b0e3..fa50e2b 100644
--- a/src/nginxconfig/i18n/zh-tw/templates/global_sections/security.js
+++ b/src/nginxconfig/i18n/zh-tw/templates/global_sections/security.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2020 DigitalOcean
+Copyright 2021 DigitalOcean
 
 This code is licensed under the MIT License.
 You may obtain a copy of the License at
@@ -27,6 +27,6 @@ THE SOFTWARE.
 import common from '../../common';
 
 export default {
-    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `當使用${common.wordPress}時，, <code class="slim">'unsafe-eval'</code>經常需要在內容安全策略中，以允許管理面板的功能正確。`,
+    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `當使用${common.wordPress}時，, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code>經常需要在內容安全策略中，以允許管理面板的功能正確。`,
     security: '安全',
 };
diff --git a/src/nginxconfig/templates/global_sections/security.vue b/src/nginxconfig/templates/global_sections/security.vue
index bf233f7..0990b85 100644
--- a/src/nginxconfig/templates/global_sections/security.vue
+++ b/src/nginxconfig/templates/global_sections/security.vue
@@ -1,5 +1,5 @@
 <!--
-Copyright 2020 DigitalOcean
+Copyright 2021 DigitalOcean
 
 This code is licensed under the MIT License.
 You may obtain a copy of the License at
@@ -55,7 +55,7 @@ THE SOFTWARE.
                                :placeholder="$props.data.contentSecurityPolicy.default"
                         />
                     </div>
-                    <div v-if="hasWordPress && !hasUnsafeEval" class="control">
+                    <div v-if="hasWordPress && !hasWordPressUnsafeEval" class="control">
                         <label class="text message is-warning">
                             <span class="message-body"
                                   v-html="$t('templates.globalSections.security.whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality')"
@@ -199,11 +199,12 @@ THE SOFTWARE.
             hasWordPress() {
                 return this.$parent.$parent.$data.domains.some(d => d && d.php.wordPressRules.computed);
             },
-            hasUnsafeEval() {
-                return this.$props.data.contentSecurityPolicy.computed.includes('\'unsafe-eval\'');
+            hasWordPressUnsafeEval() {
+                return this.$props.data.contentSecurityPolicy.computed
+                    .match(/(default|script)-src[^;]+'self'[^;]+'unsafe-inline'[^;]+'unsafe-eval'[^;]*;/) !== null;
             },
             hasWarnings() {
-                return this.hasWordPress && !this.hasUnsafeEval;
+                return this.hasWordPress && !this.hasWordPressUnsafeEval;
             },
         },
         watch: {