banana/definma-api
Archived
2
Fork 0
Code Releases Activity

api and headers

Browse Source
This commit is contained in:
VLE2FE
2020-07-28 13:59:13 +02:00
parent 1988a67b35
commit 149a0aec6d
3 changed files with 36 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/api.ts
View File

@@ -125,7 +125,7 @@ window.onload = function() {
plugins: [ plugins: [
SwaggerUIBundle.plugins.DownloadUrl SwaggerUIBundle.plugins.DownloadUrl
], ],
layout: 'StandaloneLayout' layout: "StandaloneLayout",
}); });
} }
`; `;

22
src/index.ts
View File

@@ -8,7 +8,7 @@ import cors from 'cors';
import api from './api'; import api from './api';
import db from './db'; import db from './db';
// TODO: working demo branch // TODO: check header, also in UI
// tell if server is running in debug or production environment // tell if server is running in debug or production environment
console.info(process.env.NODE_ENV === 'production' ? '===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT ====='); console.info(process.env.NODE_ENV === 'production' ? '===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');
@@ -25,7 +25,7 @@ app.disable('x-powered-by');
const port = process.env.PORT || 3000; const port = process.env.PORT || 3000;
// security headers // security headers
app.use(helmet({ const defaultHeaderConfig = {
contentSecurityPolicy: { contentSecurityPolicy: {
directives: { directives: {
defaultSrc: [`'none'`], defaultSrc: [`'none'`],
@@ -33,23 +33,27 @@ app.use(helmet({
formAction: [`'none'`], formAction: [`'none'`],
frameAncestors: [`'none'`] frameAncestors: [`'none'`]
} }
} },
})); frameguard: {
action: 'deny'
},
permittedCrossDomainPolicies: true,
refererPolicy: true
};
app.use(helmet(defaultHeaderConfig));
// special CSP header for api-doc // special CSP header for api-doc
app.use('/api-doc', helmet.contentSecurityPolicy({ app.use('/api-doc', helmet.contentSecurityPolicy({
...defaultHeaderConfig,
directives: { directives: {
defaultSrc: [`'none'`],
scriptSrc: [`'self'`], scriptSrc: [`'self'`],
connectSrc: [`'self'`], connectSrc: [`'self'`],
styleSrc: [`'self'`, `'unsafe-inline'`], styleSrc: [`'self'`, `'unsafe-inline'`],
imgSrc: [`'self'`, 'data:'], imgSrc: [`'self'`, 'data:']
baseUri: [`'self'`],
formAction: [`'none'`],
frameAncestors: [`'none'`]
} }
})); }));
// special CSP header for the bosch-logo.svg // special CSP header for the bosch-logo.svg
app.use('/static/img/bosch-logo.svg', helmet.contentSecurityPolicy({ app.use('/static/img/bosch-logo.svg', helmet.contentSecurityPolicy({
...defaultHeaderConfig,
directives: { directives: {
styleSrc: [`'unsafe-inline'`] styleSrc: [`'unsafe-inline'`]
} }

22
static/styles/swagger-ui.css
View File

@@ -161,6 +161,26 @@ body:after {
border-color: var(--red); border-color: var(--red);
} }
/*clipboard button*/
.swagger-ui .copy-to-clipboard {
border-radius: 0;
top: 19px;
height: 28px;
}
.swagger-ui .copy-to-clipboard > button {
position: relative;
bottom: 3px;
}
.swagger-ui .curl-command .copy-to-clipboard {
border-radius: 0;
top: 24px;
}
.swagger-ui .curl-command .copy-to-clipboard > button {
position: relative;
bottom: 7px;
right: 1px;
}
/*download button*/ /*download button*/
.swagger-ui .download-contents { .swagger-ui .download-contents {
border-radius: 0; border-radius: 0;
@@ -216,6 +236,8 @@ body:after {
/*code*/ /*code*/
.swagger-ui .opblock-body pre.microlight { .swagger-ui .opblock-body pre.microlight {
border-radius: 0; border-radius: 0;
background: #41444e !important;
padding: 0.5em;
} }
.swagger-ui .highlight-code > .microlight { .swagger-ui .highlight-code > .microlight {