CSP using hashes for firebaseui

config/content-security-policy.json

@@ -4,7 +4,6 @@
     ],
     "script-src": [
         "'self'",
-        "'nonce-3f98c07a4b'",
         "*.bootstrapcdn.com", 
         "code.jquery.com",
         "*.google.com",
@@ -16,11 +15,20 @@
     ],
     "style-src": [
         "'self'",
-        "'nonce-3f98c07a4b'",
+        "*.google.com",
+        "*.firebaseapp.com",
+        "*.googleusercontent.com",
         "*.bootstrapcdn.com",
         "*.googleapis.com",
         "*.gstatic.com",
-        "*.fbcdn.net"
+        "*.fbcdn.net",
+        "'unsafe-hashes'",
+        "'sha256-O9ChnrQJngUlTYptX2rHTyPwYa4VlQslTnAyr1r9/XE='",
+        "'sha256-KPTVW5oJwjIe0y2cEU5idixe+0eH/ARZMQXuQgteCBw='",
+        "'sha256-72k6lx3PMqTD7y6xr91xeDYIj51JhoVJTrinJBHEt4I='",
+        "'sha256-jcChtzjXxOs5V2A5l2c5UkgoGcYO+8GLAdzsZqlWsq4='",
+        "'sha256-nriuFMNMno0iiUNQX9SLMKxBTaxm9WGUhrVusxfqDGA='",
+        "'sha256-0nnP5wTs7LWXCQGBE25MSDmq1ZSHQEHAnowTPyUoHXQ='"
     ], 
     "img-src": [
         "'self'",

lib/authentication.js

@@ -203,8 +203,8 @@ function startNewSignIn( bSignOutUser )
         }
         const urlOptions = {
             userAgent: global.userAgent,
-            extraHeaders: `Content-Security-Policy: ${global.ContentSecurityString}`
         }
+
         applib.event.emit( "start-new-signin" )
         const newModal = window.openModal( loginUrl, null, windowOptions, urlOptions )
 

lib/localstorage.js

@@ -121,7 +121,7 @@ function getItem( key, optionalCallback )
             failTimer = null
             console.error( "Timeout on getItem for " + key )
             resolve( null )
-        }, 2000 )
+        }, 4000 )
         _send( "getItem", key, null )
     })
 }

lib/windows.js

@@ -65,7 +65,6 @@ class open extends BrowserWindow
         if ( this.boundsCheckerEnabled ) this._setupBoundsChecker( openOptions.title )
 
         if ( !urlOptions ) urlOptions = {}
-        urlOptions.extraHeaders = `Content-Security-Policy: ${global.ContentSecurityString}`
         if ( global.userAgent && !urlOptions.userAgent ) urlOptions.userAgent = global.userAgent
 
         // now that the window is configured, open it with the URL

pages/index.html

@@ -8,30 +8,18 @@
       <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 
       <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
-      <link href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" rel="stylesheet" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous">
+      <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous">
+      <link type="text/css" rel="stylesheet" href="/scripts/indexpage_style.css" /> 
 
-      <script nonce="3f98c07a4b"> 
-        if (typeof module === 'object') {window.module = module; module = undefined;} 
-      </script>
+      <script src="/scripts/setmodule_off.js"></script>
       <script src="https://code.jquery.com/jquery-3.4.1.slim.min.js" integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n" crossorigin="anonymous"></script>
       <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script>
-      <script nonce="3f98c07a4b"> 
-        if (window.module) module = window.module; 
-      </script>
+      <script src="/scripts/setmodule_on.js"></script>
 
       <script src="/scripts/webutils.js"></script>
       <script src="/scripts/weblocal.js"></script>
       <script src="/scripts/webmodal.js"></script>
-
-      <style nonce="3f98c07a4b">
-        a.nav-link:hover:not(.active) {
-            color: #F00F00 !important;
-            cursor: pointer;
-        }
-        .tab-content {
-            overflow-y: scroll;
-        }
-      </style>
+      <script src="/scripts/indexpage_script.js"></script>
 
     </head>
     <body>
@@ -119,215 +107,6 @@ <h5 class="modal-title">---</h5>
         </div>
       </div>
 
-      <script nonce="3f98c07a4b"> 
-      // functions for interacting with main app, note that ipc is defined in weblocal.js
-
-      function signout() 
-      {
-          // send the signout signal back to Main
-          ipc.send( 'user-signout', Date.now().toString() ) 
-      }
-
-      // custom elements
-      class InfoButton extends HTMLButtonElement {
-        constructor() {
-          super()
-          this.setAttribute('class', 'btn btn-info')
-          this.setAttribute('type', 'button')
-          this.setAttribute('data-toggle', 'modal')
-          this.setAttribute('data-target', '#ModalDialog')
-        }
-      }
-      customElements.define('info-button', InfoButton, {extends: 'button'});
-
-      function showSpinner( parent, bShowState )
-      {
-        const spinner = parent.find('.spinner-border')
-        switch( bShowState ) {
-          case true: spinner.removeClass("invisible")
-            break;
-          case false: spinner.addClass("invisible")
-            break;
-          case "show": spinner.removeClass("d-none")
-            break;
-          case "hide": spinner.addClass("d-none")
-            break;
-        }
-      }
-
-      function insertSpinner( parent, bShowState )
-      {
-        const spinner = parent.find('.spinner-border')
-        if ( bShowState ) spinner.removeClass("d-none")
-        else spinner.addClass("d-none")
-      }
-
-      function createNavLink( navColumn, link )
-      {
-        const anchor = $('<a class="nav-link">') // text-info
-        anchor.attr( "data-toggle", "tab" )
-        anchor.attr( "role", "pill" )
-        anchor.attr( "aria-controls", "v-pills-profile" )
-        anchor.attr( 'href', '#folder-list-anchor' )
-        anchor.attr( "data-link", link )
-        anchor.text( link )
-        anchor.prepend( $('<i class="fa fa-fw fa-lg fa-folder mr-1 ">') )
-        navColumn.append( anchor )
-      }
-
-      async function setFolderList()
-      {
-        // ask the main app for the folder list
-        // put each folder into a nav column of links
-        const domain = $("#file-domain").find("button.active").val()
-        const navColumn = $("#nav-folder-links")
-        navColumn.find(".nav-link").remove()
-        insertSpinner( navColumn, true )
-
-        // request back to main for the folder list
-        const response = await askMain( "info-request", "folder-list", domain )
-        insertSpinner( navColumn, false )
-        await response.forEach( (element) => {
-          createNavLink( navColumn, element )
-        })
-        return response
-      }
-
-      function displayDate( fileISOString )
-      {
-        const fileDate = new Date( fileISOString )
-        var showDate = fileDate.toLocaleDateString( undefined, displayDate.doptions )
-        if ( showDate == (new Date()).toLocaleDateString( undefined, displayDate.doptions ) ) {
-          showDate = fileDate.toLocaleTimeString()
-        }
-        return showDate
-      }
-
-      displayDate.doptions = {
-        day: "2-digit",
-        month: "short",
-        year: "numeric"
-      }
-
-      function imageLink( iconClass, url, mime )
-      {
-        const link = `<a class="fa fa-fw fa-lg fa-${iconClass} mr-1" href="#" data-url="${url}" data-content="${mime}">`
-        return link
-      }
-
-      function setFileList( fileList )
-      {
-        var tableBody = setFileList.fileTable.find('.tableBody')
-        tableBody.empty()
-        fileList.forEach( (element) => {
-          createTableRow( tableBody, 
-            element.name, 
-            displayDate(element.updated), 
-            element.size,
-            imageLink( "file-text", element.path ),
-            imageLink( "cloud-download", element.downloadUrl, element.contentType ) )
-        })
-      }
-
-      $('#file-domain button').on('click', function() {
-        var thisBtn = $(this);
-        thisBtn.addClass('active').siblings().removeClass('active');
-        setFolderList()
-      });
-
-      $('#nav-folder-links').click( (event) =>
-      {
-        setFileList.filesDiv = $("#nav-folder-files")
-        setFileList.fileTable = setFileList.filesDiv.find( ".table" )
-        setFileList.fileTable.addClass("invisible")
-        showSpinner( setFileList.filesDiv, "show" )
-        const anchor = $(event.target)
-        const panel = $(this)
-
-        // request back to main for the file list
-        askMain( "info-request", "file-list", anchor.data('link'), $("#file-domain").find("button.active").val() )
-        .then( setFileList )
-        .finally( () => {
-          setFileList.fileTable.removeClass("invisible")
-          showSpinner( setFileList.filesDiv, "hide" )
-        })
-      })
-
-      // trigger any class=btn-user-action button basedon its value parameter
-      $('.btn-user-action').on('click', function() 
-      {
-        switch( $(this).val() ) {
-          case 'signout': 
-            signout() 
-            break
-        }
-      });
-
-      $(document).on( "click", "a.fa-file-text", async (event) =>
-      {
-        const target = $(event.target)
-        const url = target.data("url") 
-        const modal = $("#ModalDialog")
-        const card = $('<div class="card-body">') 
-        modal.modal('show')
-        modal.find('.modal-title').text( url )
-
-        // request back to main for the file content
-        const response = await askMain( "show-file", "path", url )
-        card.append( makeJsonElement(response) )
-        modal.find('.modal-body').append(card)
-        showSpinner( modal, false )
-      })
-
-      $(document).on( "click", "a.fa-cloud-download", (event) =>
-      {
-        const anchor = $(event.target)
-        const url = anchor.data("url") 
-        const mime = anchor.data("content")
-
-        // request back to main for the file content
-        askMain( "show-file", "url", url, mime )
-      })
-
-      $('#ModalDialog').on('show.bs.modal', async (event) =>
-      {
-        // The modal dialog is about to open, but it's generic.
-        // So we need to set its title, and build a table with the right content.
-        const button = $(event.relatedTarget)
-        const modal = $("#ModalDialog")
-        modal.find('.modal-title').text( button.text() )
-        var table = $('<table class="table">') 
-        modal.find('.modal-body').append(table)
-        await setModalContent( table, button.data('set'), button.data('ask') )
-        showSpinner( modal, false )
-      })
-
-      $('#ModalDialog').on('hidden.bs.modal', (event) =>
-      {
-        const modal = $("#ModalDialog")
-        modal.find('.table').remove()
-        modal.find('.card-body').remove()
-        showSpinner( modal, true )
-      })
-
-      $('#ModalDialogAccept').on('click', function (event) 
-      {
-        var button = $(event.relatedTarget) // Button that triggered the modal
-        // do whatever you want after the user accepts OK
-      })
-
-      ipc.on( 'app-ready', () => 
-      {
-          // hide the opening spinner and show the contents
-          $("#main-window-loading").addClass("d-none")
-          $("#main-window-content").removeClass("d-none")
-
-          // populate the folder list
-          setFolderList()
-      })
-
-      </script>
-
     </body>
 
   </html>

pages/logincomplete.html

@@ -5,9 +5,7 @@
     <title>Login Complete</title>
     <meta name="copyright" content="Copyright &copy; 2019-2021 by David Asher" />
     <meta name="author" content="David Asher, https://github.com/david-asher" />
-    <script nonce="3f98c07a4b">
-        window.close()
-    </script> 
+    <script src="/scripts/logincomplete.js"></script>
 </head>
     <body>
         <h2>Login Complete</h2>