kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-06 21:28:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,884 Commits 5 Branches 0 Tags
d1bad3d7a6a9f15b06b8c98e253323cd097206d6
Commit Graph

6 Commits

Author SHA1 Message Date
Kevin Veen-Birkenbach
57d5269b07 CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers 
- Add CSP3 support for style/script: include -elem and -attr directives
- Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback)
- Respect explicit base disables (e.g. style-src.unsafe-inline: false)
- Hashes only when 'unsafe-inline' absent in the final base tokens
- Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources
- Remove per-location header_filter; keep body_filter only
- Update app role flags to *-attr where appropriate; extend desktop CSS sources
- Add comprehensive unit tests for union/explicit-disable/no-mirror-back

Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
 2025-10-22 13:53:06 +02:00
Kevin Veen-Birkenbach
4f59e8e48b Added cdn.jsdelivr.net to connect-src for web-app-desktop 2025-09-24 15:35:11 +02:00
Kevin Veen-Birkenbach
2d8967d559 added www. alias for desktop as default 2025-09-19 14:55:40 +02:00
Kevin Veen-Birkenbach
231fd567b3 feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup 
Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink.

Rename sys-srv-web-inj-* → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN.

Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css.

CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush.

BREAKING CHANGE: role names changed; replace includes and references accordingly.

Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d
 2025-09-01 10:10:23 +02:00
Kevin Veen-Birkenbach
c182ecf516 Refactor and cleanup OIDC, desktop, and web-app roles 
- Improved OIDC variable definitions (12_oidc.yml)
- Added account/security/profile URLs
- Restructured web-app-desktop tasks and JS handling
- Introduced oidc.js and iframe.js with runtime loader
- Fixed nginx.conf, LDAP, and healthcheck templates spacing
- Improved Lua injection for CSP and snippets
- Fixed typos (WordPress, receive, etc.)
- Added silent-check-sso nginx location

Conversation: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3
 2025-08-26 20:44:05 +02:00
Kevin Veen-Birkenbach
b916173422 Renamed web-app-port-ui to web-app-desktop 2025-08-26 11:35:22 +02:00