
feat: add preset CSP nonce #2096

Merged: 1 commit, Jan 2, 2022
9 changes: 9 additions & 0 deletions internal/httpclient/api/openapi.yaml
Expand Up @@ -4606,6 +4606,14 @@ components:
type: string
node_type:
type: string
nonce:
description: |-
Nonce for CSP

A nonce you may want to use to improve your Content Security Policy.
You do not have to use this value but if you want to improve your CSP
policies you may use it. You can also choose to use your own nonce value!
type: string
referrerpolicy:
description: The script referrer policy
type: string
Expand All @@ -4621,6 +4629,7 @@ components:
- id
- integrity
- node_type
- nonce
- referrerpolicy
- src
- type
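Review bot: adding `- nonce` to the `required` list (between `- node_type` and `- referrerpolicy`) is a breaking schema change for generated clients: an SDK that validates required properties will reject script nodes returned by any server version that does not yet emit the field. Either call this out as a breaking change in the release notes or keep `nonce` optional until every supported server version sends it.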
23 changes: 22 additions & 1 deletion internal/httpclient/docs/UiNodeAttributes.md
Expand Up @@ -23,13 +23,14 @@ Name | Type | Description | Notes
**Async** | **bool** | The script async type |
**Crossorigin** | **string** | The script cross origin policy |
**Integrity** | **string** | The script's integrity hash |
**Nonce** | **string** | Nonce for CSP A nonce you may want to use to improve your Content Security Policy. You do not have to use this value but if you want to improve your CSP policies you may use it. You can also choose to use your own nonce value! |
**Referrerpolicy** | **string** | The script referrer policy |

## Methods

### NewUiNodeAttributes

`func NewUiNodeAttributes(disabled bool, name string, nodeType string, type_ string, id string, text UiText, src string, href string, title UiText, async bool, crossorigin string, integrity string, referrerpolicy string, ) *UiNodeAttributes`
`func NewUiNodeAttributes(disabled bool, name string, nodeType string, type_ string, id string, text UiText, src string, href string, title UiText, async bool, crossorigin string, integrity string, nonce string, referrerpolicy string, ) *UiNodeAttributes`

NewUiNodeAttributes instantiates a new UiNodeAttributes object
This constructor will assign default values to properties that have it defined,
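Review bot: the generated description in the `**Nonce**` table row runs the title straight into the body (`Nonce for CSP A nonce you may want to use ...`) because the doc generator drops the blank line that separates them in the source comment. Ending the first line of the Go comment the docs are generated from with a period (`// Nonce for CSP.`) keeps the generated Markdown readable; the same run-on appears in the UiNodeScriptAttributes.md table.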
Expand Down Expand Up @@ -469,6 +470,26 @@ and a boolean to check if the value has been set.
SetIntegrity sets Integrity field to given value.


### GetNonce

`func (o *UiNodeAttributes) GetNonce() string`

GetNonce returns the Nonce field if non-nil, zero value otherwise.

### GetNonceOk

`func (o *UiNodeAttributes) GetNonceOk() (*string, bool)`

GetNonceOk returns a tuple with the Nonce field if it's non-nil, zero value otherwise
and a boolean to check if the value has been set.

### SetNonce

`func (o *UiNodeAttributes) SetNonce(v string)`

SetNonce sets Nonce field to given value.


### GetReferrerpolicy

`func (o *UiNodeAttributes) GetReferrerpolicy() string`
23 changes: 22 additions & 1 deletion internal/httpclient/docs/UiNodeScriptAttributes.md
Expand Up @@ -9,6 +9,7 @@ Name | Type | Description | Notes
**Id** | **string** | A unique identifier |
**Integrity** | **string** | The script's integrity hash |
**NodeType** | **string** | |
**Nonce** | **string** | Nonce for CSP A nonce you may want to use to improve your Content Security Policy. You do not have to use this value but if you want to improve your CSP policies you may use it. You can also choose to use your own nonce value! |
**Referrerpolicy** | **string** | The script referrer policy |
**Src** | **string** | The script source |
**Type** | **string** | The script MIME type |
Expand All @@ -17,7 +18,7 @@ Name | Type | Description | Notes

### NewUiNodeScriptAttributes

`func NewUiNodeScriptAttributes(async bool, crossorigin string, id string, integrity string, nodeType string, referrerpolicy string, src string, type_ string, ) *UiNodeScriptAttributes`
`func NewUiNodeScriptAttributes(async bool, crossorigin string, id string, integrity string, nodeType string, nonce string, referrerpolicy string, src string, type_ string, ) *UiNodeScriptAttributes`

NewUiNodeScriptAttributes instantiates a new UiNodeScriptAttributes object
This constructor will assign default values to properties that have it defined,
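Review bot: `NewUiNodeScriptAttributes` gains a new positional `nonce string` parameter in the middle of its argument list, so every existing caller of the generated SDK constructor stops compiling (`NewUiNodeAttributes` in UiNodeAttributes.md changes the same way). That is the expected outcome of adding a required field to a generated client, but it should be noted in the release notes as an SDK-breaking change so downstream users know to update their calls.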
Expand Down Expand Up @@ -132,6 +133,26 @@ and a boolean to check if the value has been set.
SetNodeType sets NodeType field to given value.


### GetNonce

`func (o *UiNodeScriptAttributes) GetNonce() string`

GetNonce returns the Nonce field if non-nil, zero value otherwise.

### GetNonceOk

`func (o *UiNodeScriptAttributes) GetNonceOk() (*string, bool)`

GetNonceOk returns a tuple with the Nonce field if it's non-nil, zero value otherwise
and a boolean to check if the value has been set.

### SetNonce

`func (o *UiNodeScriptAttributes) SetNonce(v string)`

SetNonce sets Nonce field to given value.


### GetReferrerpolicy

`func (o *UiNodeScriptAttributes) GetReferrerpolicy() string`
32 changes: 31 additions & 1 deletion internal/httpclient/model_ui_node_script_attributes.go

Some generated files are not rendered by default.

1 change: 1 addition & 0 deletions selfservice/strategy/webauthn/login_test.go
Expand Up @@ -67,6 +67,7 @@ func TestCompleteLogin(t *testing.T) {
"1.attributes.onclick",
"1.attributes.onload",
"3.attributes.src",
"3.attributes.nonce",
})
ensureReplacement(t, "1", f.Ui, "allowCredentials")
})
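Review bot: `"3.attributes.nonce"` is appended to the same list that already holds other per-run values such as `"3.attributes.src"` and `"1.attributes.onload"`, which suggests the nonce is excluded from comparison rather than asserted on. Nothing in this test then checks that the nonce is present and non-empty, or that two separately created flows receive different values; a short assertion on `f.Ui` for both properties would cover the security guarantee the field is meant to provide, here and in the two settings_test.go hunks.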
2 changes: 2 additions & 0 deletions selfservice/strategy/webauthn/settings_test.go
Expand Up @@ -133,6 +133,7 @@ func TestCompleteSettings(t *testing.T) {
"0.attributes.value",
"4.attributes.onclick",
"6.attributes.src",
"6.attributes.nonce",
})
ensureReplacement(t, "4", f.Ui, "Ory Corp")
})
Expand All @@ -149,6 +150,7 @@ func TestCompleteSettings(t *testing.T) {
"2.attributes.onload",
"2.attributes.onclick",
"4.attributes.src",
"4.attributes.nonce",
})
ensureReplacement(t, "2", f.Ui, "Ory Corp")
})
5 changes: 5 additions & 0 deletions spec/api.json
Expand Up @@ -1763,6 +1763,10 @@
"node_type": {
"$ref": "#/components/schemas/uiNodeType"
},
"nonce": {
"description": "Nonce for CSP\n\nA nonce you may want to use to improve your Content Security Policy.\nYou do not have to use this value but if you want to improve your CSP\npolicies you may use it. You can also choose to use your own nonce value!",
"type": "string"
},
"referrerpolicy": {
"description": "The script referrer policy",
"type": "string"
Expand All @@ -1784,6 +1788,7 @@
"integrity",
"type",
"id",
"nonce",
"node_type"
],
"title": "ScriptAttributes represent script nodes which load javascript.",
5 changes: 5 additions & 0 deletions spec/swagger.json
Expand Up @@ -3600,6 +3600,7 @@
"integrity",
"type",
"id",
"nonce",
"node_type"
],
"properties": {
Expand All @@ -3622,6 +3623,10 @@
"node_type": {
"$ref": "#/definitions/uiNodeType"
},
"nonce": {
"description": "Nonce for CSP\n\nA nonce you may want to use to improve your Content Security Policy.\nYou do not have to use this value but if you want to improve your CSP\npolicies you may use it. You can also choose to use your own nonce value!",
"type": "string"
},
"referrerpolicy": {
"description": "The script referrer policy",
"type": "string"
9 changes: 9 additions & 0 deletions ui/node/attributes.go
Expand Up @@ -197,6 +197,15 @@ type ScriptAttributes struct {
// required: true
Identifier string `json:"id"`

// Nonce for CSP
//
// A nonce you may want to use to improve your Content Security Policy.
// You do not have to use this value but if you want to improve your CSP
// policies you may use it. You can also choose to use your own nonce value!
//
// required: true
Nonce string `json:"nonce"`

// NodeType represents this node's types. It is a mirror of `node.type` and
// is primarily used to allow compatibility with OpenAPI 3.0.
//
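Review bot: the new doc comment on `Nonce` only says the value "may" improve a CSP and invites callers to substitute their own; it should state what the field is, where it comes from, and what it must be paired with to have any effect. A script nonce does nothing unless the page that renders the script also sends `Content-Security-Policy: script-src 'nonce-<value>'` with the identical value, so suggest rewording along the lines of: `// Nonce is a random value generated for this script node. To use it, render the script with nonce="<value>" and send the same value in the page's Content-Security-Policy script-src directive.` The exclamation mark is also out of register with the other field docs in this file, and since openapi.yaml, api.json and swagger.json are generated from this comment, fixing it here fixes all of them.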
1 change: 1 addition & 0 deletions ui/node/attributes_input.go
Expand Up @@ -137,6 +137,7 @@ func NewScriptField(name string, src string, group Group, integrity string, opts
ReferrerPolicy: "no-referrer",
CrossOrigin: "anonymous",
Integrity: integrity,
Nonce: x.NewUUID().String(),
}),
Meta: &Meta{},
}
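Review bot: `Nonce: x.NewUUID().String()` fixes the nonce at the moment the script node is built rather than when a response is rendered, so if the flow holding this node is stored and served more than once, every response for that flow carries the same nonce; a CSP nonce is meant to be unpredictable and unique per response, so either generate it at render time or document clearly that this value is per-flow and that the UI layer is responsible for per-response freshness. Please also confirm, ideally in a comment on this line, that `x.NewUUID` is backed by `crypto/rand`: a nonce from a non-cryptographic source is guessable and the CSP then provides no protection, and the conventional form is 128 bits of CSPRNG output, base64-encoded, rather than a UUID string.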