Improve WordPress CSP warning detection (#273)

pull/276/head
Matt (IPv4) Cowley 2021-05-29 13:17:41 +01:00 committed by GitHub
parent 6200e74842
commit 28b158c748
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 16 additions and 15 deletions


@ -1,5 +1,5 @@
/* /*
Copyright 2020 DigitalOcean Copyright 2021 DigitalOcean
This code is licensed under the MIT License. This code is licensed under the MIT License.
You may obtain a copy of the License at You may obtain a copy of the License at
@ -27,6 +27,6 @@ THE SOFTWARE.
import common from '../../common'; import common from '../../common';
export default { export default {
whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `When using ${common.wordPress}, <code class="slim">'unsafe-eval'</code> is often required in the Content Security Policy to allow the admin panel to function correctly.`, whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `When using ${common.wordPress}, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code> is often required in the Content Security Policy to allow the admin panel to function correctly.`,
security: 'Security', security: 'Security',
}; };


@ -27,6 +27,6 @@ THE SOFTWARE.
import common from '../../common'; import common from '../../common';
export default { export default {
whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Lors de l'utilisation de ${common.wordPress}, <code class="slim">'unsafe-eval'</code> est fréquemment exigé par la Politique de Sécurité du Contenu pour assurer le bon fonctionnement du panneau d'administration.`, whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Lors de l'utilisation de ${common.wordPress}, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code> est fréquemment exigé par la Politique de Sécurité du Contenu pour assurer le bon fonctionnement du panneau d'administration.`,
security: 'Sécurité', security: 'Sécurité',
}; };


@ -1,5 +1,5 @@
/* /*
Copyright 2020 DigitalOcean Copyright 2021 DigitalOcean
This code is licensed under the MIT License. This code is licensed under the MIT License.
You may obtain a copy of the License at You may obtain a copy of the License at
@ -27,6 +27,6 @@ THE SOFTWARE.
import common from '../../common'; import common from '../../common';
export default { export default {
whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Ao utilizar o ${common.wordPress}, <code class="slim">'unsafe-eval'</code> é frequentemente exigido na Política de Segurança de Conteúdo para permitir que o painel de administração funcione corretamente.`, whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Ao utilizar o ${common.wordPress}, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code> é frequentemente exigido na Política de Segurança de Conteúdo para permitir que o painel de administração funcione corretamente.`,
security: 'Segurança', security: 'Segurança',
}; };


@ -27,6 +27,6 @@ THE SOFTWARE.
import common from '../../common'; import common from '../../common';
export default { export default {
whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Во время использования ${common.wordPress}, <code class="slim">'unsafe-eval'</code> часто требуется в Content Security Policy, чтобы панель администратора работала исправно.`, whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `Во время использования ${common.wordPress}, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code> часто требуется в Content Security Policy, чтобы панель администратора работала исправно.`,
security: 'Безопасность', security: 'Безопасность',
}; };


@ -1,5 +1,5 @@
/* /*
Copyright 2020 DigitalOcean Copyright 2021 DigitalOcean
This code is licensed under the MIT License. This code is licensed under the MIT License.
You may obtain a copy of the License at You may obtain a copy of the License at
@ -27,6 +27,6 @@ THE SOFTWARE.
import common from '../../common'; import common from '../../common';
export default { export default {
whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `当使用${common.wordPress}时,, <code class="slim">'unsafe-eval'</code>经常需要在内容安全策略中,以允许管理面板的功能正确。`, whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `当使用${common.wordPress}时,, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code>经常需要在内容安全策略中,以允许管理面板的功能正确。`,
security: '安全', security: '安全',
}; };


@ -1,5 +1,5 @@
/* /*
Copyright 2020 DigitalOcean Copyright 2021 DigitalOcean
This code is licensed under the MIT License. This code is licensed under the MIT License.
You may obtain a copy of the License at You may obtain a copy of the License at
@ -27,6 +27,6 @@ THE SOFTWARE.
import common from '../../common'; import common from '../../common';
export default { export default {
whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `當使用${common.wordPress}時,, <code class="slim">'unsafe-eval'</code>經常需要在內容安全策略中,以允許管理面板的功能正確。`, whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `當使用${common.wordPress}時,, <code class="slim">script-src 'self' 'unsafe-inline' 'unsafe-eval';</code>經常需要在內容安全策略中,以允許管理面板的功能正確。`,
security: '安全', security: '安全',
}; };


@ -1,5 +1,5 @@
<!-- <!--
Copyright 2020 DigitalOcean Copyright 2021 DigitalOcean
This code is licensed under the MIT License. This code is licensed under the MIT License.
You may obtain a copy of the License at You may obtain a copy of the License at
@ -55,7 +55,7 @@ THE SOFTWARE.
:placeholder="$props.data.contentSecurityPolicy.default" :placeholder="$props.data.contentSecurityPolicy.default"
/> />
</div> </div>
<div v-if="hasWordPress && !hasUnsafeEval" class="control"> <div v-if="hasWordPress && !hasWordPressUnsafeEval" class="control">
<label class="text message is-warning"> <label class="text message is-warning">
<span class="message-body" <span class="message-body"
v-html="$t('templates.globalSections.security.whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality')" v-html="$t('templates.globalSections.security.whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality')"
@ -199,11 +199,12 @@ THE SOFTWARE.
hasWordPress() { hasWordPress() {
return this.$parent.$parent.$data.domains.some(d => d && d.php.wordPressRules.computed); return this.$parent.$parent.$data.domains.some(d => d && d.php.wordPressRules.computed);
}, },
hasUnsafeEval() { hasWordPressUnsafeEval() {
return this.$props.data.contentSecurityPolicy.computed.includes('\'unsafe-eval\''); return this.$props.data.contentSecurityPolicy.computed
.match(/(default|script)-src[^;]+'self'[^;]+'unsafe-inline'[^;]+'unsafe-eval'[^;]*;/) !== null;
}, },
hasWarnings() { hasWarnings() {
return this.hasWordPress && !this.hasUnsafeEval; return this.hasWordPress && !this.hasWordPressUnsafeEval;
}, },
}, },
watch: { watch: {
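Review bot: The regex in `hasWordPressUnsafeEval` matches only when the keywords appear in exactly the order `'self'`, `'unsafe-inline'`, `'unsafe-eval'` and the directive ends in `;`, so an equivalent policy written in another order, or with `script-src` as the last directive and no trailing semicolon, still raises the warning. It also accepts a permissive `default-src` when a stricter `script-src` is present, even though `script-src` is the directive applied to scripts, so the warning can be hidden for a policy that would still break the admin panel. Because `[^;]+` follows `-src`, the pattern can additionally match inside `script-src-elem` or `script-src-attr`. Splitting the policy on `;` and checking the keywords as a set, with `script-src` taking precedence over `default-src`, avoids all three. The surrounding `computed` object starts outside the hunk.

```javascript
hasWordPressUnsafeEval() {
    // Source expressions are unordered and the final directive may omit ';',
    // so compare tokens per directive instead of matching one fixed layout.
    const directives = this.$props.data.contentSecurityPolicy.computed
        .split(';')
        .map(d => d.trim().split(/\s+/));
    // script-src, when present, overrides default-src for scripts.
    const sources = directives.find(([name]) => name === 'script-src')
        || directives.find(([name]) => name === 'default-src');
    return !!sources && ['\'self\'', '\'unsafe-inline\'', '\'unsafe-eval\'']
        .every(keyword => sources.includes(keyword));
},
// … unchanged: hasWarnings …
```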