Merge pull request #174 from navikt/csp
Csp
runska authored Nov 20, 2023
2 parents c935128 + cec1eea commit 631c3a8
Showing 5 changed files with 70 additions and 95 deletions.
1 change: 1 addition & 0 deletions .github/workflows/build-deploy.yaml
Expand Up @@ -4,6 +4,7 @@ on:
push:
branches:
- main
- csp
paths-ignore:
- '**.md'
- '**/**.md'
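Review bot: The added `- csp` entry in the `on.push.branches` list makes every push to a feature branch run the build-and-deploy workflow, so code that has not been reviewed on `main` can reach the deployment target. Presumably the trigger was added to try the new policy out before merging, but this merge commit leaves it in place. Either drop the line now that the branch is merged, or give branch deploys their own job aimed at a dev environment with a comment such as `# csp: temporary, deploys the CSP branch to dev for verification`. The deploy job and its permissions are outside the hunk, so I cannot tell which environment this reaches.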
96 changes: 49 additions & 47 deletions next.config.mjs
@@ -1,53 +1,55 @@
/** @type {import('next').NextConfig} */
import path from "path";
import csp from "./src/csp.js";
import { fileURLToPath } from 'url';
import { fileURLToPath } from "url";
import cspPkg from "./src/csp.js"

const { cspString } = cspPkg
const __filename = fileURLToPath(import.meta.url);

export default {
reactStrictMode: true,
basePath: "/forebygge-fravar",
swcMinify: true,
output: "standalone",
i18n: {
locales: ["no"],
defaultLocale: "no",
},
sassOptions: {
includePaths: [path.dirname(__filename)],
},
async headers() {
return [
{
// Apply these headers to all routes in your application.
source: "/:path*",
headers: [
{
key: "X-Frame-Options",
value: "SAMEORIGIN",
},
{
key: "X-Xss-Protection",
value: "1; mode=block",
},
{
key: "X-Content-Type-Options",
value: "nosniff",
},
{
key: "Referrer-Policy",
value: "no-referrer",
},
{
key: "Permissions-Policy",
value: "geolocation=(), microphone=(), camera=()",
},
{
key: "Content-Security-Policy",
value: csp,
},
],
},
];
},
reactStrictMode: true,
basePath: "/forebygge-fravar",
swcMinify: true,
output: "standalone",
i18n: {
locales: ["no"],
defaultLocale: "no",
},
sassOptions: {
includePaths: [path.dirname(__filename)],
},
async headers() {
return [
{
// Apply these headers to all routes in your application.
source: "/:path*",
headers: [
{
key: "X-Frame-Options",
value: "SAMEORIGIN",
},
{
key: "X-Xss-Protection",
value: "1; mode=block",
},
{
key: "X-Content-Type-Options",
value: "nosniff",
},
{
key: "Referrer-Policy",
value: "origin-when-cross-origin",
},
{
key: "Permissions-Policy",
value: "geolocation=(), microphone=(), camera=()",
},
{
key: "Content-Security-Policy",
value: cspString,
},
],
},
];
},
};
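Review bot: The Referrer-Policy value in the rewritten `headers()` block is loosened from `no-referrer` to `origin-when-cross-origin` with no reason given in the commit; that value also sends the origin on HTTPS-to-HTTP downgrades, whereas `value: "strict-origin-when-cross-origin"` gives the same same-origin behaviour without that leak. If a cross-origin consumer (the decorator, analytics) needs the referrer, a one-line comment naming it would stop the next reviewer from tightening it back. `X-Xss-Protection: 1; mode=block` is carried over unchanged, but the filter has been removed from current browsers and could be abused for side-channel leaks in older ones, so `value: "0"` is the recommended setting and the Content-Security-Policy header below is the real defence. If TLS is not terminated by something upstream that already sets it, `Strict-Transport-Security` belongs in this same list.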
2 changes: 1 addition & 1 deletion src/Aktiviteter/AktivitetData.ts
Expand Up @@ -442,7 +442,7 @@ export const aktiviteter: AktivitetType[] = [
{
type: "lenke",
tekst: "Se sykefravær over tid",
url: "https://arbeidsgiver.nav.no/sykefravarsstatistikk/historikk",
url: "/forebygge-fravar/sykefravarsstatistikk#historikk",
},
],
},
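Review bot: The new `url` value hard-codes the `/forebygge-fravar` prefix that next.config.mjs already sets as `basePath`. If this field ends up in a `next/link` or `router.push`, Next prepends `basePath` again and the anchor resolves to `/forebygge-fravar/forebygge-fravar/sykefravarsstatistikk#historikk`; if it is rendered as a plain `<a href>` the value is correct but now duplicates configuration. Either a `"/sykefravarsstatistikk#historikk"` value with basePath-aware rendering, or a comment on the entry saying why the prefix is inlined, would remove the ambiguity — the consumer is not visible from this hunk. The enclosing `aktiviteter` array starts and ends outside the hunk.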
64 changes: 18 additions & 46 deletions src/csp.js
@@ -1,86 +1,58 @@
const csp = {
"default-src": [
"'self'",
"arbeidsgiver.nav.no",
"dekoratoren.ekstern.dev.nav.no",
],
// "psplugin"/"vergic": skjermdelingsløsningen
// "hotjar" og "taskanalytics": verktøy for å samle inn brukerinnsikt

const cspHeaders = {
"default-src": ["'self'", "*.nav.no"],
"script-src": [
"'self'",
"'report-sample'",
"'unsafe-inline'",
"'unsafe-eval'",
"www.google-analytics.com",
"www.googletagmanager.com",
"static.hotjar.com",
"script.hotjar.com",
"*.psplugin.com",
"*.nav.no",
"*.taskanalytics.com/tm.js",
"httpcache0-80659-cachedown0.dna.ip-only.net/80659-cachedown0/custom/modules/WCAG/controls.min.js",
"*.dna.ip-only.net",
"imasdk.googleapis.com/js/sdkloader/ima3.js",
"*.taskanalytics.com",
"'unsafe-eval'",
"'unsafe-inline'",
],
"style-src": [
"'self'",
"blob:",
"*.nav.no",
"*.psplugin.com",
"'unsafe-inline'",
"fonts.googleapis.com",
"translate.googleapis.com",
],
"connect-src": [
"'self'",
"*.nav.no",
"oidc-ver2.difi.no/idporten-oidc-provider/authorize",
"idporten-ver2.difi.no/opensso/SSORedirect/metaAlias/norge.no/idp4",
"*.difi.no",
"amplitude.nav.no",
"data.brreg.no",
"*.psplugin.com",
"*.hotjar.com",
"*.vc.hotjar.com",
"*.hotjar.io",
"*.vc.hotjar.io",
"wss://*.hotjar.com",
"api.puzzel.com",
"nav.boost.ai",
"sentry.gc.nav.no",
"www.google-analytics.com",
"ta-survey-v2.herokuapp.com",
"ws://notification.qbrick.com",
"analytics.qbrick.com",
"*.dna.ip-only.net",
"localhost:12347",
],
"font-src": [
"data:",
"*.psplugin.com",
"*.hotjar.com",
"fonts.gstatic.com",
"www.nav.no",
"cdn.nav.no",
"*.psplugin.com",
],
"frame-src": ["vars.hotjar.com", "*.nav.no"],
"img-src": [
"'self'",
"data:",
"*.hotjar.com",
"www.google-analytics.com",
"www.gstatic.com",
"translate.google.com",
"*.nav.no",
"data:",
"www.googletagmanager.com",
"*.dna.ip-only.net",
"*.psplugin.com",
"www.vergic.com",
],
"media-src": ["'self'", "*.dna.ip-only.net", "blob:"],
"manifest-src": ["'self'", "*.nav.no", "*.difi.no"],
"media-src": ["'self'", "blob:"],
"object-src": ["'self'", "blob:"],
"report-uri": [
"https://sentry.gc.nav.no/api/77/security/?sentry_key=97af8a51172e4f9bb74ac9c05920b1d2",
],
"worker-src": ["'self'", "blob:"],
};

const stringified = Object.entries(csp)
const cspString = Object.entries(cspHeaders)
.map((entry) => `${entry[0]} ${entry[1].join(" ")}`)
.join("; ");

module.exports = stringified;
module.exports = { cspString };
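Review bot: `script-src` on the new side still carries `'unsafe-inline'` and `'unsafe-eval'` next to the `*.nav.no` wildcard, so the policy does not block injected inline scripts — the primary thing a CSP is deployed for — and `'unsafe-eval'` lets any allowed script source evaluate strings. If the inline scripts come from the decorator or analytics snippets, a per-request nonce (generated in Next middleware and placed on those tags) combined with `'strict-dynamic'` is the usual replacement; until then, a comment above `script-src` naming which script requires each keyword would at least document the accepted risk. `object-src` also permits plugin content from `'self'` and `blob:` although no embedded plugin content is visible; `"object-src": ["'none'"],` plus an added `"base-uri": ["'self'"],` close two common bypasses. `'report-sample'` appears to be dropped while the Sentry `report-uri` is kept, which means violation reports will no longer contain the offending snippet — worth re-adding unless that was intentional. The `localhost:12347` entry in `connect-src`, if it survives on the new side, looks like a development origin that should not ship in the production policy.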
2 changes: 1 addition & 1 deletion src/sykefravarsstatistikk/Historikk/Historikk.tsx
Expand Up @@ -29,7 +29,7 @@ const Historikk: FunctionComponent<Props> = (props) => {
<div className={styles["historikk"]}>
<div className={styles["historikk__overdel-wrapper"]}>
<div className={styles["historikk__tekst-wrapper"]}>
<Heading spacing level="2" size="medium">
<Heading id="historikk" spacing level="2" size="medium">
Se sykefraværet over tid
</Heading>
<BodyShort className={styles["historikk__ingress"]}>

0 comments on commit 631c3a8

Please sign in to comment.