fix: comment CSP which triggers the crash (#1814)

See how to reinject them in the future
SocialGouv · Nov 8, 2023 · 6953d79 · 6953d79
1 parent d00c55a
commit 6953d79
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/packages/app/src/app/(default)/index-egapro/declaration/[siren]/[year]/page.tsx b/packages/app/src/app/(default)/index-egapro/declaration/[siren]/[year]/page.tsx
@@ -20,6 +20,8 @@ const canEditSiren = (user?: Session["user"]) => (siren?: string) => {
   return user.staff || user.companies.some(company => company.siren === siren);
 };
 
+export const revalidate = 86_400; // 24h
+
 const RecapPage = async ({ params: { siren, year: strYear } }: NextServerPageProps<"siren" | "year">) => {
   const year = Number(strYear);
 

diff --git a/packages/app/src/common/config.ts b/packages/app/src/common/config.ts
@@ -112,8 +112,13 @@ export const config = {
   },
 } as const;
 
+// console.log("config loaded", config);
+
 // TODO better debug
 if (typeof window !== "undefined") {
+  // Warning: the config generated by the client may be different with the server.
+  // Ex: for postgres, on client, there is no env var, so it will return default values.
+  // You need to console.log(config) and check the server console, to see what the real config is.
   window._egaproConfig = config;
 }
 

diff --git a/packages/app/src/middleware.ts b/packages/app/src/middleware.ts
@@ -6,12 +6,12 @@ import { type NextMiddlewareWithAuth, withAuth } from "next-auth/middleware";
 const cspMiddleware: NextMiddlewareWithAuth = req => {
   const nonce = Buffer.from(crypto.randomUUID()).toString("base64");
   const cspHeader = `
-    default-src 'self' https://*.gouv.fr;
+    // default-src 'self' https://*.gouv.fr;
     connect-src 'self' https://*.gouv.fr;
     font-src 'self' data: blob:;
     media-src 'self' https://*.gouv.fr;
     img-src 'self' data: https://*.gouv.fr;
-    script-src 'self' 'nonce-${nonce}' 'strict-dynamic';
+    // script-src 'self' 'nonce-${nonce}' 'strict-dynamic';
     frame-src 'self' https://*.gouv.fr;
     style-src 'self' https://*.gouv.fr 'nonce-${nonce}';
     frame-ancestors 'self' https://*.gouv.fr;
@@ -20,8 +20,9 @@ const cspMiddleware: NextMiddlewareWithAuth = req => {
     form-action 'self' https://*.gouv.fr;
     block-all-mixed-content;
     upgrade-insecure-requests;
-    require-trusted-types-for 'script';
-    trusted-types react-dsfr react-dsfr-asap nextjs#bundler matomo-next;`;
+    // require-trusted-types-for 'script';
+    // trusted-types react-dsfr react-dsfr-asap nextjs#bundler matomo-next;
+    `;
 
   const responseHeaders = new Headers();
   responseHeaders.set("x-nonce", nonce);