fix livereload pb with csp

jcheron · jcheron · commit b02c1342a07b · 2022-01-01T15:34:20.000+01:00
diff --git a/src/Ubiquity/security/csp/ContentSecurity.php b/src/Ubiquity/security/csp/ContentSecurity.php
@@ -240,10 +240,7 @@ public function getPolicies(): array {
 	 */
 	public static function defaultUbiquity(): ContentSecurity {
 		$csp = new self();
-		$csp->addPolicy(CspDirectives::DEFAULT_SRC, 'self', 'cdn.jsdelivr.net', 'cdnjs.cloudflare.com');
-		$csp->addPolicyDefault(CspDirectives::FONT_SRC, 'fonts.googleapis.com', 'fonts.gstatic.com', 'data:');
-		$csp->addPolicyDefault(CspDirectives::STYLE_SRC, CspValues::UNSAFE_INLINE, 'fonts.googleapis.com');
-		$csp->addPolicyDefault(CspDirectives::SCRIPT_SRC_ELM);
+		$csp->addPolicyDefault(CspDirectives::CONNECT_SRC, CspValues::SELF);
 		$csp->addPolicy(CspDirectives::IMG_SRC, 'data:');
 		return $csp;
 	}
@@ -258,9 +255,7 @@ public static function defaultUbiquityDebug(string $livereloadServer = '127.0.0.
 		$csp = self::defaultUbiquity();
 		$config = Startup::$config;
 		if ($config['debug'] && \Ubiquity\debug\LiveReload::hasLiveReload()) {
-			$csp->addHash('sha256-8Xnt4HKk9Yhr0dEXwbeeEDZpkRMxqi9xGg43hnmUurY=', CspDirectives::SCRIPT_SRC_ELM);
 			$csp->addPolicyDefault(CspDirectives::CONNECT_SRC, "ws://$livereloadServer");
-			$csp->addPolicy(CspDirectives::SCRIPT_SRC_ELM, "http://$livereloadServer");
 		}
 		return $csp;
 	}
diff --git a/src/Ubiquity/security/csp/ContentSecurityManager.php b/src/Ubiquity/security/csp/ContentSecurityManager.php
@@ -43,6 +43,18 @@ public static function getNonce(string $name): string {
 		return self::$nonceGenerator->getNonce($name);
 	}
 
+	/**
+	 *
+	 * @param string $name
+	 * @return bool
+	 */
+	public static function hasNonce(string $name): bool {
+		if (isset(self::$nonceGenerator)) {
+			return self::$nonceGenerator->hasNonce($name);
+		}
+		return false;
+	}
+
 	/**
 	 * Checks if the manager is started.
 	 *
@@ -86,7 +98,7 @@ public static function defaultUbiquity(?bool $reportOnly = null): ContentSecurit
 	 * @param string $livereloadServer
 	 * @return ContentSecurity
 	 */
-	public static function defaultUbiquityDebug(?bool $reportOnly = null,string $livereloadServer='127.0.0.1:35729'): ContentSecurity {
+	public static function defaultUbiquityDebug(?bool $reportOnly = null, string $livereloadServer = '127.0.0.1:35729'): ContentSecurity {
 		return self::$csp[] = ContentSecurity::defaultUbiquityDebug($livereloadServer)->reportOnly($reportOnly);
 	}
 
diff --git a/src/Ubiquity/security/csp/NonceGenerator.php b/src/Ubiquity/security/csp/NonceGenerator.php
@@ -34,6 +34,19 @@ public function getNonce(string $name, int $size = 32): string {
 		return $this->nonces[$name] ??= self::_generateNonce($name, $size);
 	}
 
+	/**
+	 *
+	 * @param string $name
+	 * @return bool
+	 */
+	public function hasNonce(string $name): bool {
+		return isset($this->nonces[$name]);
+	}
+
+	/**
+	 *
+	 * @return string
+	 */
 	public function __toString() {
 		return \count($this->nonces);
 	}
