Support CSP in overview image
Change-Id: Ibf78cce13637944c2b16f2b3826ca09903a97030
diff --git a/Changes b/Changes
index 1c6bb51..810acc9 100755
--- a/Changes
+++ b/Changes
@@ -1,4 +1,4 @@
-0.41 2021-01-28
+0.41 2021-01-29
- Introduce CORS headers to the proxy.
- Introduce Content Security Policy.
- Remove default api endpoint from config to
@@ -20,6 +20,7 @@
- Support CSP in Matomo/Piwik plugin.
- Removed deprecated default behaviour
of the Piwik/Matomo plugin.
+ - Support CSP in overview SVG image.
0.40 2020-12-17
- Modernize ES and fix in-loops.
diff --git a/dev/img/korap-overview.svg b/dev/img/korap-overview.svg
index 1a994e3..1e2837c 100644
--- a/dev/img/korap-overview.svg
+++ b/dev/img/korap-overview.svg
@@ -203,6 +203,7 @@
<path d="M1099.378 278.286h2.764v-18h-2.764zm5.528 6h2.764v-30h-2.764zm5.528 4h2.764v-38h-2.764zm5.528 0h2.764v-38h-2.764zm5.528 0h2.763v-38h-2.763zm5.527 0h2.764v-38h-2.763zm5.528 0h2.764v-38h-2.765zm5.528 0h2.764v-38h-2.764zm5.528 0h2.765v-38h-2.764zm5.53 0h2.762v-38h-2.763zm5.526 0h2.764v-38h-2.764zm5.528 0h2.764v-38h-2.764z" class="connector"/>
</g>
</g>
+ <!-- CSP supported hash 'sha256-VGXK99kFz+zmAQ0kxgleFrBWZgybFAPOl3GQtS7FQkI=' -->
<script type="text/javascript">
<![CDATA[
var query = window.location.search.substring(1);
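Review bot: The added comment `CSP supported hash '…'` does not say what the hash covers or where it is enforced, and a CSP hash source matches only the exact text of the script element. The two later hunks in this file re-indent lines inside that same script, so the value must have been computed over the re-indented text. Any later edit, including whitespace or line-ending normalisation, will make the browser block the script. I would word the comment as `<!-- SHA-256 of the script element below; must equal the script-src hash in lib/Kalamar.pm. Recompute after any change to the script, whitespace included. -->`. The script body continues outside this hunk.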
@@ -211,8 +212,8 @@
var p = {};
for (var i = 0; i < vars.length; i++) {
- var pair = vars[i].split('=');
- p[pair[0]] = pair[1];
+ var pair = vars[i].split('=');
+ p[pair[0]] = pair[1];
};
if (p['base'] !== undefined || p['embedded'] !== undefined) {
@@ -230,10 +231,10 @@
url += '?embedded=true';
anchors[i].setAttributeNS(
- 'http://www.w3.org/1999/xlink',
- 'xlink:href',
- url
- );
+ 'http://www.w3.org/1999/xlink',
+ 'xlink:href',
+ url
+ );
};
};
};
diff --git a/lib/Kalamar.pm b/lib/Kalamar.pm
index 59d2695..b4d5b99 100644
--- a/lib/Kalamar.pm
+++ b/lib/Kalamar.pm
@@ -168,7 +168,8 @@
$self->plugin(CSP => {
'default-src' => 'self',
'style-src' => ['self','unsafe-inline'],
- 'script-src' => 'self',
+ # Hash for korap-overview.svg script
+ 'script-src' => ['self','sha256-VGXK99kFz+zmAQ0kxgleFrBWZgybFAPOl3GQtS7FQkI='],
'connect-src' => 'self',
'frame-src' => '*',
'media-src' => 'none',
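Review bot: The hash literal on the new `'script-src'` line is a second hand-maintained copy of the value in dev/img/korap-overview.svg, and nothing visible in this commit checks either copy against the script text. If they drift, the browser refuses the inline script and the only signal is a CSP violation in the console. A test that extracts the script body from the SVG, computes its base64 SHA-256 and compares it with the configured source would catch this before release. The comment could also tell the next editor what to do: `# SHA-256 of the inline script in dev/img/korap-overview.svg; recompute when that script changes`. The `$self->plugin(CSP => ...)` call continues past the hunk, so whether a report endpoint is configured cannot be seen here.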