Add warning for wordpress CSP unsafe-eval (fixes #144)

5 years ago · 9465e8a2fb
parent 594e307d2a
commit 9465e8a2fb
2 changed files with 21 additions and 2 deletions
--- a/src/nginxconfig/i18n/en/templates/global_sections/security.js
+++ b/src/nginxconfig/i18n/en/templates/global_sections/security.js
@ -14,6 +14,9 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

+import common from '../../common';
+
 export default {
+    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `When using ${common.wordPress}, <code class="slim">'unsafe-eval'</code> is often required in the Content Security Policy to allow the admin panel to function correctly.`,
    security: 'Security',
 };
--- a/src/nginxconfig/templates/global_sections/security.vue
+++ b/src/nginxconfig/templates/global_sections/security.vue
@ -32,7 +32,7 @@ limitations under the License.
            </div>
        </div>

-        <div class="field is-horizontal">
+        <div :class="`field is-horizontal${hasWordPress && !hasUnsafeEval ? ' is-aligned-top' : ''}`">
            <div class="field-label">
                <label class="label">Content-Security-Policy</label>
            </div>
@ -45,6 +45,14 @@ limitations under the License.
                               :placeholder="$props.data.contentSecurityPolicy.default"
                        />
                    </div>
+                    <template v-if="hasWordPress && !hasUnsafeEval">
+                        <br />
+                        <div class="message is-warning">
+                            <div class="message-body"
+                                 v-html="i18n.templates.globalSections.security.whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality"
+                            ></div>
+                        </div>
+                    </template>
                </div>
            </div>
        </div>
@ -140,7 +148,15 @@ limitations under the License.
                i18n,
            };
        },
-        computed: computedFromDefaults(defaults, 'security'),   // Getters & setters for the delegated data
+        computed: {
+            ...computedFromDefaults(defaults, 'security'),          // Getters & setters for the delegated data
+            hasWordPress() {
+                return this.$parent.$parent.$data.domains.some(d => d.php.wordPressRules.computed);
+            },
+            hasUnsafeEval() {
+                return this.$props.data.contentSecurityPolicy.computed.includes('\'unsafe-eval\'');
+            },
+        },
        watch: {
            // Check referrer policy selection is valid
            '$props.data.referrerPolicy': {