Skip to content
This repository has been archived by the owner on May 16, 2023. It is now read-only.

Commit

Permalink
fix: correct CSP directive for login and account templates (#47)
Browse files Browse the repository at this point in the history
  • Loading branch information
@lbenthins
lbenthins authored Jul 10, 2020
1 parent d043f96 commit c60396e
Show file tree
Hide file tree
Showing 6 changed files with 10 additions and 8 deletions.
2 changes: 2 additions & 0 deletions src/themes/cwa/account/resources/logout.js
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
document.getElementById("popup-menu").addEventListener("click", showUserPopup);

function showUserPopup() {
var popup = document.getElementById("logout");
popup.classList.toggle("show");
Expand Down
8 changes: 4 additions & 4 deletions src/themes/cwa/account/template.ftl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,11 @@
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' style-src 'unsafe-inline'">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self'"/>
<meta name="robots" content="noindex, nofollow">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" href="${url.resourcesPath}/img/c-19_logo.png">
<link rel="stylesheet" type="text/css" href="${url.resourcesPath}/password.css">
<script src="${url.resourcesPath}/logout.js"></script>
<title>${msg("changePasswordHtmlTitle")}</title>
</head>
<body>
Expand All @@ -31,12 +30,13 @@
</tr>
</table>

<table class="user" onclick="showUserPopup()">
<table id="popup-menu" class="user">
<tr>
<td><img src="${url.resourcesPath}/img/user.png"/></td>
<td><img src="${url.resourcesPath}/img/user.png"/></td>
<td style="padding-left: 10px;">${(account.username!'')}<td/>
</tr>
</table>
<script src="${url.resourcesPath}/logout.js"></script>
<a href="${url.logoutUrl}"><button class="button-logout" id="logout">${msg("doSignOut")}</button></a>

<#if message?has_content>
Expand Down
2 changes: 1 addition & 1 deletion src/themes/cwa/login/login-config-totp.ftl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' style-src 'unsafe-inline'">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="${url.resourcesPath}/teletan.css"/>
<title>TeleTAN Portal</title>
Expand Down
2 changes: 1 addition & 1 deletion src/themes/cwa/login/login-otp.ftl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' style-src 'unsafe-inline'"/>
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="${url.resourcesPath}/teletan.css"/>
<title>TeleTAN Portal</title>
Expand Down
2 changes: 1 addition & 1 deletion src/themes/cwa/login/login-update-password.ftl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' style-src 'unsafe-inline'">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="${url.resourcesPath}/teletan.css"/>
<title>TeleTAN Portal</title>
Expand Down
2 changes: 1 addition & 1 deletion src/themes/cwa/login/login.ftl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' style-src 'unsafe-inline'">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" type="text/css" href="${url.resourcesPath}/teletan.css"/>
<title>TeleTAN Portal</title>
Expand Down

0 comments on commit c60396e

Please sign in to comment.