diff --git a/src/main/kotlin/fr/shikkanime/entities/enums/ConfigPropertyKey.kt b/src/main/kotlin/fr/shikkanime/entities/enums/ConfigPropertyKey.kt index 0e8148f6..4f7d57e5 100644 --- a/src/main/kotlin/fr/shikkanime/entities/enums/ConfigPropertyKey.kt +++ b/src/main/kotlin/fr/shikkanime/entities/enums/ConfigPropertyKey.kt @@ -22,9 +22,6 @@ enum class ConfigPropertyKey(val key: String) { BSKY_SESSION_TIMEOUT("bsky_session_timeout"), THREADS_SESSION_TIMEOUT("threads_session_timeout"), SIMULCAST_RANGE_DELAY("simulcast_range_delay"), - ANALYTICS_DOMAIN("analytics_domain"), - ANALYTICS_API("analytics_api"), - ANALYTICS_SCRIPT("analytics_script"), CRUNCHYROLL_FETCH_API_SIZE("crunchyroll_fetch_api_size"), ANIMATION_DITIGAL_NETWORK_SIMULCAST_DETECTION_REGEX("animation_digital_network_simulcast_detection_regex"), ANIME_EPISODES_SIZE_LIMIT("anime_episodes_size_limit"), diff --git a/src/main/kotlin/fr/shikkanime/modules/Routing.kt b/src/main/kotlin/fr/shikkanime/modules/Routing.kt index d4ba4ade..dd722cea 100644 --- a/src/main/kotlin/fr/shikkanime/modules/Routing.kt +++ b/src/main/kotlin/fr/shikkanime/modules/Routing.kt @@ -56,7 +56,7 @@ fun Application.configureRouting() { call.attributes.put(callStartTime, ZonedDateTime.now()) // If call is completed, the headers are already set if (call.response.status()?.value != null || !configCacheService.getValueAsBoolean(ConfigPropertyKey.USE_SECURITY_HEADERS)) return@subscribe - setSecurityHeaders(call, configCacheService) + setSecurityHeaders(call) } environment.monitor.subscribe(Routing.RoutingCallFinished) { call -> @@ -73,7 +73,7 @@ fun Application.configureRouting() { } } -private fun setSecurityHeaders(call: ApplicationCall, configCacheService: ConfigCacheService) { +private fun setSecurityHeaders(call: ApplicationCall) { call.response.pipeline.intercept(ApplicationSendPipeline.Transform) { context.response.header( HttpHeaders.StrictTransportSecurity, @@ -87,7 +87,7 @@ private fun setSecurityHeaders(call: ApplicationCall, configCacheService: Config "font-src 'self' https://cdn.jsdelivr.net; " + "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net;" + "img-src data: 'self' 'unsafe-inline' 'unsafe-eval' ${Constant.apiUrl} ${Constant.baseUrl};" + - "connect-src 'self' ${Constant.apiUrl} ${configCacheService.getValueAsString(ConfigPropertyKey.ANALYTICS_API) ?: ""};" + "connect-src 'self' ${Constant.apiUrl};" ) context.response.header("X-Frame-Options", "DENY") diff --git a/src/main/kotlin/fr/shikkanime/modules/SEOManager.kt b/src/main/kotlin/fr/shikkanime/modules/SEOManager.kt index df0dc542..60adbdef 100644 --- a/src/main/kotlin/fr/shikkanime/modules/SEOManager.kt +++ b/src/main/kotlin/fr/shikkanime/modules/SEOManager.kt @@ -26,9 +26,6 @@ fun setGlobalAttributes( modelMap["googleSiteVerification"] = configCacheService.getValueAsString(ConfigPropertyKey.GOOGLE_SITE_VERIFICATION_ID) modelMap["currentSimulcast"] = simulcastCacheService.currentSimulcast - modelMap["analyticsDomain"] = configCacheService.getValueAsString(ConfigPropertyKey.ANALYTICS_DOMAIN) - modelMap["analyticsApi"] = configCacheService.getValueAsString(ConfigPropertyKey.ANALYTICS_API) - modelMap["analyticsScript"] = configCacheService.getValueAsString(ConfigPropertyKey.ANALYTICS_SCRIPT) modelMap["baseUrl"] = Constant.baseUrl modelMap["apiUrl"] = Constant.apiUrl } diff --git a/src/main/kotlin/fr/shikkanime/utils/StringUtils.kt b/src/main/kotlin/fr/shikkanime/utils/StringUtils.kt index be95c888..4658cd6c 100644 --- a/src/main/kotlin/fr/shikkanime/utils/StringUtils.kt +++ b/src/main/kotlin/fr/shikkanime/utils/StringUtils.kt @@ -94,10 +94,6 @@ object StringUtils { .replace(">", ">") .replace("\"", """) - fun unSanitizeXSS(input: String): String = input.replace("<", "<") - .replace(">", ">") - .replace(""", "\"") - fun getIdentifier( countryCode: CountryCode, platform: Platform, diff --git a/src/main/resources/db/changelog/2024/09/02-changelog.xml b/src/main/resources/db/changelog/2024/09/02-changelog.xml new file mode 100644 index 00000000..7d63d415 --- /dev/null +++ b/src/main/resources/db/changelog/2024/09/02-changelog.xml @@ -0,0 +1,16 @@ + + + + + + + + property_key IN ('analytics_domain', 'analytics_api', 'analytics_script') + + + \ No newline at end of file diff --git a/src/main/resources/db/changelog/db.changelog-master.xml b/src/main/resources/db/changelog/db.changelog-master.xml index f7589d9c..952eacee 100644 --- a/src/main/resources/db/changelog/db.changelog-master.xml +++ b/src/main/resources/db/changelog/db.changelog-master.xml @@ -60,4 +60,5 @@ + \ No newline at end of file diff --git a/src/main/resources/templates/_freemarker_implicit.ftl b/src/main/resources/templates/_freemarker_implicit.ftl index 5a321341..beb36c82 100644 --- a/src/main/resources/templates/_freemarker_implicit.ftl +++ b/src/main/resources/templates/_freemarker_implicit.ftl @@ -26,9 +26,6 @@ [#-- @ftlvariable name="previousWeek" type="java.lang.String" --] [#-- @ftlvariable name="nextWeek" type="java.lang.String" --] -[#-- @ftlvariable name="analyticsDomain" type="java.lang.String" --] -[#-- @ftlvariable name="analyticsApi" type="java.lang.String" --] -[#-- @ftlvariable name="analyticsScript" type="java.lang.String" --] [#-- @ftlvariable name="baseUrl" type="java.lang.String" --] [#-- @ftlvariable name="apiUrl" type="java.lang.String" --] diff --git a/src/main/resources/templates/site/_layout.ftl b/src/main/resources/templates/site/_layout.ftl index 2b06c3d0..5fca2f2a 100644 --- a/src/main/resources/templates/site/_layout.ftl +++ b/src/main/resources/templates/site/_layout.ftl @@ -59,12 +59,6 @@ - - <#if (analyticsDomain?? && analyticsDomain?length != 0) && (analyticsApi?? && analyticsApi?length != 0) && (analyticsScript?? && analyticsScript?length != 0)> - - <#nested 0>