From 267e87d21dd0673b1095720f6ba1b61c0449e002 Mon Sep 17 00:00:00 2001 From: Jessie Mongeon Date: Fri, 20 Dec 2024 09:44:41 -0600 Subject: [PATCH 1/3] update http cert info --- .../application-frontends/overview.mdx | 21 ++----------------- submodules/quill | 2 +- 2 files changed, 3 insertions(+), 20 deletions(-) diff --git a/docs/developer-docs/web-apps/application-frontends/overview.mdx b/docs/developer-docs/web-apps/application-frontends/overview.mdx index d2da2ca0bb..03ff93cb86 100644 --- a/docs/developer-docs/web-apps/application-frontends/overview.mdx +++ b/docs/developer-docs/web-apps/application-frontends/overview.mdx @@ -72,15 +72,9 @@ In `dfx.json`, these default settings will resemble the following: } ``` -## Motoko asset canisters +## Asset certification -The [Motoko server](https://mops.one/server) and [certified HTTP](https://mops.one/certified-http) packages can be used for creating asset canisters using the Motoko language. - -## Rust asset canisters - -The [`ic-asset`](https://crates.io/crates/ic-asset) Rust crate can be used to develop your project's frontend canister. - -Additionally, the [ic-http-certification](https://crates.io/crates/ic-http-certification) crate can be used to: +The [ic-asset-certification](https://crates.io/crates/ic-asset-certification) Rust crate can be used to: - Serve certified assets from the same canister as their primary “backend” canister. 
@@ -94,15 +88,6 @@ Additionally, the [ic-http-certification](https://crates.io/crates/ic-http-certi - Certify more complex caching or streaming scenarios. - -Other third-party options for serving assets include: - -- [`ic-pluto`](https://crates.io/crates/ic-pluto) - -## TypesScript asset canisters - -The [Express HTTP server](https://demergent-labs.github.io/azle/) package via Azle can be used to create asset canisters in TypeScript. - ## Limitations The frontend canister can host roughly 1GiB in static files. It is recommended that you distribute your files across multiple canisters if the total size of all your assets begins to exceed this amount. Once you exceed this figure, your canister may fail to upgrade. @@ -149,8 +134,6 @@ let path = HttpCertificationPath::wildcard("/js"); - [Asset canister architecture reference](/docs/current/references/asset-canister). -- Using [raw HTML and JavaScript](/docs/current/motoko/main/getting-started/motoko-introduction) to display a simple HTML entry page. - - [Vite + React + Motoko](https://github.com/rvanasa/vite-react-motoko) template example. - [Vite + SvelteKit + Motoko](https://github.com/letmejustputthishere/vite-sveltekit-motoko-ii/tree/main) template example. diff --git a/submodules/quill b/submodules/quill index 077696fd4e..5a5a9ad4a7 160000 --- a/submodules/quill +++ b/submodules/quill @@ -1 +1 @@ -Subproject commit 077696fd4e433cd6f590bc9cec1674c8275faed9 +Subproject commit 5a5a9ad4a72ea9fa9f0adad5c3b11b00ced78db9 From 63bf41de379df6803e142df86650be2b49ac09e8 Mon Sep 17 00:00:00 2001 From: Jessie Mongeon <133128541+jessiemongeon1@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:47:37 -0600 Subject: [PATCH 2/3] Update overview.mdx --- .../web-apps/application-frontends/overview.mdx | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/docs/developer-docs/web-apps/application-frontends/overview.mdx b/docs/developer-docs/web-apps/application-frontends/overview.mdx index 03ff93cb86..f385c41a61 100644 
--- a/docs/developer-docs/web-apps/application-frontends/overview.mdx +++ b/docs/developer-docs/web-apps/application-frontends/overview.mdx @@ -72,22 +72,6 @@ In `dfx.json`, these default settings will resemble the following: } ``` -## Asset certification - -The [ic-asset-certification](https://crates.io/crates/ic-asset-certification) Rust crate can be used to: - -- Serve certified assets from the same canister as their primary “backend” canister. - -- Embed assets directly into a canister’s Wasm rather than uploading them at runtime. - -- Create custom routing logic, such as: - - - Serving 404 pages in multi-page apps. - - - Serving multiple frontends from the same canister. - - - Certify more complex caching or streaming scenarios. - ## Limitations The frontend canister can host roughly 1GiB in static files. It is recommended that you distribute your files across multiple canisters if the total size of all your assets begins to exceed this amount. Once you exceed this figure, your canister may fail to upgrade. From 3755596ecda4954b06bb875522e448f02805ecbc Mon Sep 17 00:00:00 2001 From: Jessie Mongeon <133128541+jessiemongeon1@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:47:50 -0600 Subject: [PATCH 3/3] Update asset-security.mdx --- .../application-frontends/asset-security.mdx | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/docs/developer-docs/web-apps/application-frontends/asset-security.mdx b/docs/developer-docs/web-apps/application-frontends/asset-security.mdx index 7c26f1180f..4f2d3eacdd 100644 --- a/docs/developer-docs/web-apps/application-frontends/asset-security.mdx +++ b/docs/developer-docs/web-apps/application-frontends/asset-security.mdx 
@@ -9,14 +9,12 @@ import { GlossaryTooltip } from "/src/components/Tooltip/GlossaryTooltip"; - - You can configure how a frontend canister responds to requests for specific assets by defining your -desired configuration in a file named `.ic-assets.json` Each entry in `.ic-assets.json` allows for specifying a [glob](https://code.visualstudio.com/docs/editor/glob-patterns) pattern along with the headers to be returned in the response for any file that matches the pattern. You may also dictate whether redirects are performed from the non-certified endpoint to a certified endpoint for any given filename pattern. +desired configuration in a file named `.ic-assets.json5` Each entry in `.ic-assets.json5` allows for specifying a [glob](https://code.visualstudio.com/docs/editor/glob-patterns) pattern along with the headers to be returned in the response for any file that matches the pattern. You may also dictate whether redirects are performed from the non-certified endpoint to a certified endpoint for any given filename pattern. ## Content Security Policies (CSP) -By default, frontend canisters created with `dfx new` contain the following Content Security Policy (CSP) in the project's `.ic-assets.json` file: +By default, frontend canisters created with `dfx new` contain the following Content Security Policy (CSP) in the project's `.ic-assets.json5` file: ``` "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self' data:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src *;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;", 
@@ -24,6 +22,22 @@ By default, frontend canisters created with `dfx new` contain the following Cont This CSP includes `img-src data` as data images are frequently included in frontend interfaces, and `frame-ancestors: none` is used to mitigate [clickjacking attacks](https://owasp.org/www-community/attacks/Clickjacking). +## Asset certification + +The [ic-asset-certification](https://crates.io/crates/ic-asset-certification) Rust crate can be used to: + +- Serve certified assets from the same canister as their primary “backend” canister. + +- Embed assets directly into a canister’s Wasm rather than uploading them at runtime. + +- Create custom routing logic, such as: + + - Serving 404 pages in multi-page apps. + + - Serving multiple frontends from the same canister. + + - Certify more complex caching or streaming scenarios. + ## Security recommendations This default Content Security Policy aims to work with as many applications as possible rather than providing the maximum security. It is recommended that you update this policy for your application's specific needs by utilizing tools such as:
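
Review bot: In patch 1/3, the first `overview.mdx` hunk (`@@ -72,15 +72,9 @@`) drops the `ic-http-certification` link in favour of `ic-asset-certification`, but the file still carries an example calling `HttpCertificationPath::wildcard("/js")` (visible in the `@@ -149,8 +134,6 @@` hunk header). A reader who reaches that example no longer has a pointer to the crate named in the removed line. Either keep a short reference to `ic-http-certification` next to the example, or update the example so it matches the crate the text now recommends.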
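
Review bot: The `submodules/quill` pointer bump in patch 1/3 (`077696fd4e...` to `5a5a9ad4a7...`) is unrelated to the subject "update http cert info" and is not mentioned in the commit message. Drop it from this docs commit, or move it to its own commit that says what the new submodule revision brings in, so that the dependency change is reviewed on its own.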
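
Review bot: Patch 2/3 deletes from `overview.mdx` the same "## Asset certification" section that patch 1/3 introduced, so the net effect on that file is that the certification material simply disappears. Squash the two commits, and consider leaving one line in `overview.mdx` that links to `asset-security.mdx`, where patch 3/3 re-adds the section; otherwise nothing on the overview page tells the reader that certified asset serving is documented elsewhere.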
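
Review bot: In patch 3/3, hunk `@@ -9,14 +9,12 @@`, the rewritten line still lacks a full stop between the filename and the next sentence: "in a file named `.ic-assets.json5` Each entry in ...". Add the period while this line is being touched. The rename from `.ic-assets.json` to `.ic-assets.json5` is also applied without comment; if projects that already have a `.ic-assets.json` file keep working, say so in one sentence, and if they do not, note that the file must be renamed.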
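
Review bot: In patch 3/3, hunk `@@ -24,6 +22,22 @@`, the new "## Asset certification" section is inserted between the CSP explanation and "## Security recommendations", whose first sentence begins "This default Content Security Policy ...". With the new section in between, "This" no longer has a nearby referent; place the section after "Security recommendations" or ahead of "Content Security Policies (CSP)". The last added bullet, "Certify more complex caching or streaming scenarios.", is nested under "Create custom routing logic, such as:" but is not a routing example and is not parallel with the "Serving ..." items, so it reads as a top-level item that was indented by mistake. While in this part of the file, the context line's `frame-ancestors: none` and `img-src data` do not match the directive syntax in the policy shown above them (`frame-ancestors 'none'`, `img-src 'self' data:`) and are worth correcting so that readers do not copy an invalid directive.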