MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into fix-ci-on-master

This commit is contained in:
Sam Rose 2024-11-18 14:45:09 +00:00 committed by GitHub
parent 0e742807de f6897c7af0
commit 7af843f298
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
packages/backend-core/src/environment.ts
View File

@ -231,9 +231,6 @@ const environment = {
MIN_VERSION_WITHOUT_POWER_ROLE: MIN_VERSION_WITHOUT_POWER_ROLE:
process.env.MIN_VERSION_WITHOUT_POWER_ROLE || "3.0.0", process.env.MIN_VERSION_WITHOUT_POWER_ROLE || "3.0.0",
DISABLE_CONTENT_SECURITY_POLICY: process.env.DISABLE_CONTENT_SECURITY_POLICY, DISABLE_CONTENT_SECURITY_POLICY: process.env.DISABLE_CONTENT_SECURITY_POLICY,
// stopgap migration strategy until we can ensure backwards compat without unsafe-inline in CSP
DISABLE_CSP_UNSAFE_INLINE_SCRIPTS:
process.env.DISABLE_CSP_UNSAFE_INLINE_SCRIPTS,
} }
export function setEnv(newEnvVars: Partial<typeof environment>): () => void { export function setEnv(newEnvVars: Partial<typeof environment>): () => void {

5
packages/backend-core/src/middleware/contentSecurityPolicy.ts
View File

@ -1,5 +1,4 @@
import crypto from "crypto" import crypto from "crypto"
import env from "../environment"
const CSP_DIRECTIVES = { const CSP_DIRECTIVES = {
"default-src": ["'self'"], "default-src": ["'self'"],
@ -97,10 +96,6 @@ export async function contentSecurityPolicy(ctx: any, next: any) {
`'nonce-${nonce}'`, `'nonce-${nonce}'`,
] ]
if (!env.DISABLE_CSP_UNSAFE_INLINE_SCRIPTS) {
directives["script-src"].push("'unsafe-inline'")
}
ctx.state.nonce = nonce ctx.state.nonce = nonce
const cspHeader = Object.entries(directives) const cspHeader = Object.entries(directives)

4
packages/builder/src/components/common/NavItem.svelte
View File

@ -84,8 +84,8 @@
on:mouseleave on:mouseleave
on:click={onClick} on:click={onClick}
on:contextmenu on:contextmenu
ondragover="return false" on:dragover={e => e.preventDefault()}
ondragenter="return false" on:dragenter={e => e.preventDefault()}
{id} {id}
{style} {style}
{draggable} {draggable}

4
packages/builder/src/pages/builder/app/[application]/design/[screenId]/_components/ComponentList/ComponentScrollWrapper.svelte
View File

@ -68,8 +68,8 @@
on:scroll on:scroll
bind:this={scrollRef} bind:this={scrollRef}
on:drop={onDrop} on:drop={onDrop}
ondragover="return false" on:dragover={e => e.preventDefault()}
ondragenter="return false" on:dragenter={e => e.preventDefault()}
> >
<slot /> <slot />
</div> </div>