From cf9286e4c3e475fb8b9247f6e9fed512a08cabf4 Mon Sep 17 00:00:00 2001 From: Developer 02 Date: Tue, 14 May 2024 13:50:03 +0200 Subject: [PATCH] Removed inner styles and updated CSP --- EnvelopeGenerator.Web/Program.cs | 6 +++--- .../Views/Home/EnvelopeLocked.cshtml | 2 +- EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml | 2 +- EnvelopeGenerator.Web/appsettings.json | 12 +++++++++++- EnvelopeGenerator.Web/wwwroot/css/site.css | 11 +++++++++++ 5 files changed, 27 insertions(+), 6 deletions(-) diff --git a/EnvelopeGenerator.Web/Program.cs b/EnvelopeGenerator.Web/Program.cs index 43450505..92f52837 100644 --- a/EnvelopeGenerator.Web/Program.cs +++ b/EnvelopeGenerator.Web/Program.cs @@ -185,9 +185,9 @@ try app.UseHttpsRedirection(); - var csp = config["Content-Security-Policy"]; - if(csp is not null) - app.UseCSPMiddleware(csp); + var csp_list = config.GetSection("Content-Security-Policy").Get(); + if(csp_list is not null) + app.UseCSPMiddleware($"{string.Join("; ", csp_list)};"); app.UseStaticFiles(); diff --git a/EnvelopeGenerator.Web/Views/Home/EnvelopeLocked.cshtml b/EnvelopeGenerator.Web/Views/Home/EnvelopeLocked.cshtml index 001141d1..0ca30e90 100644 --- a/EnvelopeGenerator.Web/Views/Home/EnvelopeLocked.cshtml +++ b/EnvelopeGenerator.Web/Views/Home/EnvelopeLocked.cshtml @@ -67,7 +67,7 @@ } var baseUrl = "/img/flags"; var $state = $( - `${state.text}` + `${state.text}` ); return $state; }; diff --git a/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml b/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml index 2e1d6e98..6980f250 100644 --- a/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml +++ b/EnvelopeGenerator.Web/Views/Home/ShowEnvelope.cshtml @@ -85,4 +85,4 @@ }) } -
\ No newline at end of file +
\ No newline at end of file diff --git a/EnvelopeGenerator.Web/appsettings.json b/EnvelopeGenerator.Web/appsettings.json index c173a676..11b6d4d4 100644 --- a/EnvelopeGenerator.Web/appsettings.json +++ b/EnvelopeGenerator.Web/appsettings.json @@ -12,7 +12,17 @@ }, "PSPDFKitLicenseKey": null, /* The first format parameter {0} will be replaced by the nonce value. */ - "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-{0}'; style-src 'self' 'nonce-{0}'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' wss://localhost:44385 ws://localhost:61446; frame-src 'self'; media-src 'self'; object-src 'self';", + "Content-Security-Policy": [ + "default-src 'self'", + "script-src 'self' 'nonce-{0}'", + "style-src 'self' 'nonce-{0}'", + "img-src 'self' data: https:", + "font-src 'self'", + "connect-src 'self' http://localhost:* https://localhost:* ws://localhost:* wss://localhost:*", + "frame-src 'self'", + "media-src 'self'", + "object-src 'self'" + ], "AdminPassword": "dd", "AllowedOrigins": [ "https://localhost:7202", "https://digitale.unterschrift.wisag.de/" ], "NLog": { diff --git a/EnvelopeGenerator.Web/wwwroot/css/site.css b/EnvelopeGenerator.Web/wwwroot/css/site.css index 937eab6c..fa8ab370 100644 --- a/EnvelopeGenerator.Web/wwwroot/css/site.css +++ b/EnvelopeGenerator.Web/wwwroot/css/site.css @@ -5,6 +5,13 @@ /* Toolbar Buttons */ +#app { + background: gray; + width: 100vw; + height: 100vh; + margin: 0 auto; +} + .button-finish { transition: background-color linear 300ms; background-color: #059669; /* emerald-600 */ @@ -198,4 +205,8 @@ footer#page-footer a:focus { .select2-search__field { display:none +} + +.lang-item { + font-size: 0.85rem; } \ No newline at end of file