From 9465e8a2fb4be09253b20b56e34274b23853b846 Mon Sep 17 00:00:00 2001
From: MattIPv4 <me@mattcowley.co.uk>
Date: Tue, 2 Jun 2020 17:27:48 +0100
Subject: [PATCH] Add warning for wordpress CSP unsafe-eval (fixes #144)

---
 .../en/templates/global_sections/security.js  |  3 +++
 .../templates/global_sections/security.vue    | 20 +++++++++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/nginxconfig/i18n/en/templates/global_sections/security.js b/src/nginxconfig/i18n/en/templates/global_sections/security.js
index 25fc25b..a2ad58d 100644
--- a/src/nginxconfig/i18n/en/templates/global_sections/security.js
+++ b/src/nginxconfig/i18n/en/templates/global_sections/security.js
@@ -14,6 +14,9 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+import common from '../../common';
+
 export default {
+    whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality: `When using ${common.wordPress}, <code class="slim">'unsafe-eval'</code> is often required in the Content Security Policy to allow the admin panel to function correctly.`,
     security: 'Security',
 };
diff --git a/src/nginxconfig/templates/global_sections/security.vue b/src/nginxconfig/templates/global_sections/security.vue
index 77d50a9..bea9109 100644
--- a/src/nginxconfig/templates/global_sections/security.vue
+++ b/src/nginxconfig/templates/global_sections/security.vue
@@ -32,7 +32,7 @@ limitations under the License.
             </div>
         </div>
 
-        <div class="field is-horizontal">
+        <div :class="`field is-horizontal${hasWordPress && !hasUnsafeEval ? ' is-aligned-top' : ''}`">
             <div class="field-label">
                 <label class="label">Content-Security-Policy</label>
             </div>
@@ -45,6 +45,14 @@ limitations under the License.
                                :placeholder="$props.data.contentSecurityPolicy.default"
                         />
                     </div>
+                    <template v-if="hasWordPress && !hasUnsafeEval">
+                        <br />
+                        <div class="message is-warning">
+                            <div class="message-body"
+                                 v-html="i18n.templates.globalSections.security.whenUsingWordPressUnsafeEvalIsOftenRequiredToAllowFunctionality"
+                            ></div>
+                        </div>
+                    </template>
                 </div>
             </div>
         </div>
@@ -140,7 +148,15 @@ limitations under the License.
                 i18n,
             };
         },
-        computed: computedFromDefaults(defaults, 'security'),   // Getters & setters for the delegated data
+        computed: {
+            ...computedFromDefaults(defaults, 'security'),          // Getters & setters for the delegated data
+            hasWordPress() {
+                return this.$parent.$parent.$data.domains.some(d => d.php.wordPressRules.computed);
+            },
+            hasUnsafeEval() {
+                return this.$props.data.contentSecurityPolicy.computed.includes('\'unsafe-eval\'');
+            },
+        },
         watch: {
             // Check referrer policy selection is valid
             '$props.data.referrerPolicy': {