From df6a4b8b61181bae40298a7031bb66af6373ebb7 Mon Sep 17 00:00:00 2001
From: Jeremy Davis
Date: Mon, 14 Oct 2024 11:01:10 +0200
Subject: SONAR-23205 Migrate build system to vite
---
 .../src/main/java/org/sonar/server/platform/web/CspFilter.java | 3 ++-
 .../src/main/java/org/sonar/server/platform/web/WebPagesCache.java | 2 +-
 .../src/test/java/org/sonar/server/platform/web/CspFilterTest.java | 2 +-
 .../src/test/java/org/sonar/server/platform/web/WebPagesCacheTest.java | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)
(limited to 'server/sonar-webserver/src')
diff --git a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java
index 93ac1a8a1e4..a0f7b100dbc 100644
--- a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java
+++ b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/CspFilter.java
@@ -46,7 +46,8 @@ public class CspFilter implements Filter {
 cspPolicies.add("font-src 'self' data:");
 cspPolicies.add("img-src * data: blob:");
 cspPolicies.add("object-src 'none'");
- cspPolicies.add("script-src 'self'");
+ // the hash below corresponds to the window.__assetsPath script in index.html
+ cspPolicies.add("script-src 'self' 'sha256-D1jaqcDDM2TM2STrzE42NNqyKR9PlptcHDe6tyaBcuM='");
 cspPolicies.add("style-src 'self' 'unsafe-inline'");
 cspPolicies.add("worker-src 'none'");
 this.policies = String.join("; ", cspPolicies).trim();
diff --git a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesCache.java b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesCache.java
index a383ccb2402..7bd6929d18e 100644
--- a/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesCache.java
+++ b/server/sonar-webserver/src/main/java/org/sonar/server/platform/web/WebPagesCache.java
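Review bot: The `'sha256-…'` source added to `script-src` in CspFilter.java is a bare literal that nothing in this commit ties to the inline `window.__assetsPath` script it is meant to allow, and the same string is copied into CspFilterTest, so that test only proves the two literals agree. Any edit to that inline script in index.html (whitespace included) changes its digest, and the browser will then refuse to run it while the tests stay green. Hoisting it into a named constant such as `private static final String ASSETS_PATH_SCRIPT_HASH = "'sha256-D1jaqcDDM2TM2STrzE42NNqyKR9PlptcHDe6tyaBcuM='";` and adding a test that recomputes the SHA-256 of the inline script from index.html would catch the drift at build time. Because WebPagesCache rewrites placeholders in index.html before it is served, it is also worth confirming that the hashed script contains none of them, since the digest must match the bytes the browser receives. The constructor body continues outside the hunk.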
@@ -37,7 +37,7 @@ import static org.sonar.server.platform.Platform.Status.UP;
 public class WebPagesCache {
- private static final String WEB_CONTEXT_PLACEHOLDER = "%WEB_CONTEXT%";
+ private static final String WEB_CONTEXT_PLACEHOLDER = "WEB_CONTEXT";
 private static final String SERVER_STATUS_PLACEHOLDER = "%SERVER_STATUS%";
 private static final String INSTANCE_PLACEHOLDER = "%INSTANCE%";
 private static final String OFFICIAL_PLACEHOLDER = "%OFFICIAL%";
diff --git a/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java b/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java
index d4f1c1b2e7b..77290ec96d5 100644
--- a/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java
+++ b/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/CspFilterTest.java
@@ -42,7 +42,7 @@ public class CspFilterTest {
 "font-src 'self' data:; " +
 "img-src * data: blob:; " +
 "object-src 'none'; " +
- "script-src 'self'; " +
+ "script-src 'self' 'sha256-D1jaqcDDM2TM2STrzE42NNqyKR9PlptcHDe6tyaBcuM='; " +
 "style-src 'self' 'unsafe-inline'; " +
 "worker-src 'none'";
 private final ServletContext servletContext = mock(ServletContext.class, RETURNS_MOCKS);
diff --git a/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/WebPagesCacheTest.java b/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/WebPagesCacheTest.java
index 810bae4ed6e..8911350c82d 100644
--- a/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/WebPagesCacheTest.java
+++ b/server/sonar-webserver/src/test/java/org/sonar/server/platform/web/WebPagesCacheTest.java
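Review bot: `WEB_CONTEXT_PLACEHOLDER` in WebPagesCache.java is now the bare token `"WEB_CONTEXT"` while the three placeholders below it keep their `%…%` delimiters, and no comment says why. The substitution code is outside the hunk, but if it is a plain string replace, every occurrence of that substring in index.html will now be rewritten with the context path, including one inside a longer identifier or in bundled text. A comment on the constant, for example `// no % delimiters: the token has to survive the front-end build (confirm); index.html must not contain "WEB_CONTEXT" anywhere else`, would record the constraint, and the WebPagesCacheTest fixture could cover a page where the token appears next to other text.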
@@ -53,7 +53,7 @@ public class WebPagesCacheTest {
 public void setUp() {
 when(servletContext.getContextPath()).thenReturn(TEST_CONTEXT);
 when(servletContext.getResourceAsStream("/index.html")).thenAnswer(
- (Answer) invocationOnMock -> toInputStream("Content of default index.html with context [%WEB_CONTEXT%], status [%SERVER_STATUS%], instance [%INSTANCE%]",
+ (Answer) invocationOnMock -> toInputStream("Content of default index.html with context [WEB_CONTEXT], status [%SERVER_STATUS%], instance [%INSTANCE%]",
 UTF_8));
 }
-- cgit v1.2.3