From e94a5e0a7aadb92fb7859596aa919a69812e178c Mon Sep 17 00:00:00 2001 From: Mike Manfredi Date: Thu, 15 Feb 2024 00:21:58 +0000 Subject: [PATCH 1/4] Beginning of the changes that are needed to add header only when UI of an app is being requested --- services/system/ProxySys/src/ProxySys.cpp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/services/system/ProxySys/src/ProxySys.cpp b/services/system/ProxySys/src/ProxySys.cpp index 14bc5e62c..970c4cd34 100644 --- a/services/system/ProxySys/src/ProxySys.cpp +++ b/services/system/ProxySys/src/ProxySys.cpp @@ -83,6 +83,15 @@ namespace SystemService if (result && !result->headers.empty() && serviceName != "common-sys") abortMessage("service " + service.str() + " attempted to set an http header"); + if (!result->headers["Content-Security-Policy"]) + for (auto& header : result->headers) + if (header.name == "Content-Security-Policy" and + header.value == "frame-ancestors 'none';") + + if () + result->headers.push_back( + HttpHeader{"Content-Security-Policy", "frame-ancestors 'none';"}); + setRetval(result); } // serve() From 60cfd9deb8f15af322ed18ecbce073dc1bfab560 Mon Sep 17 00:00:00 2001 From: Mike Manfredi Date: Fri, 16 Feb 2024 03:16:55 +0000 Subject: [PATCH 2/4] seems to have compiled --- .../psibase/common/include/psibase/Rpc.hpp | 10 ++++++++++ services/system/ProxySys/src/ProxySys.cpp | 17 +++++++++-------- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/libraries/psibase/common/include/psibase/Rpc.hpp b/libraries/psibase/common/include/psibase/Rpc.hpp index 24d074bc2..c5fe30fd4 100644 --- a/libraries/psibase/common/include/psibase/Rpc.hpp +++ b/libraries/psibase/common/include/psibase/Rpc.hpp @@ -11,7 +11,17 @@ namespace psibase { std::string name; std::string value; + + friend bool operator==(const HttpHeader& lhs, const HttpHeader& rhs) + { + return lhs.name == rhs.name && lhs.value == rhs.value; + } }; + + // bool operator==(const HttpHeader& lhs, const HttpHeader& rhs) { + // return lhs.name == rhs.name && lhs.value == rhs.value; + // } + PSIO_REFLECT(HttpHeader, definitionWillNotChange(), name, value) // TODO: consider adding headers to this diff --git a/services/system/ProxySys/src/ProxySys.cpp b/services/system/ProxySys/src/ProxySys.cpp index 970c4cd34..f9152246a 100644 --- a/services/system/ProxySys/src/ProxySys.cpp +++ b/services/system/ProxySys/src/ProxySys.cpp @@ -83,14 +83,15 @@ namespace SystemService if (result && !result->headers.empty() && serviceName != "common-sys") abortMessage("service " + service.str() + " attempted to set an http header"); - if (!result->headers["Content-Security-Policy"]) - for (auto& header : result->headers) - if (header.name == "Content-Security-Policy" and - header.value == "frame-ancestors 'none';") - - if () - result->headers.push_back( - HttpHeader{"Content-Security-Policy", "frame-ancestors 'none';"}); + // bool operator==(const HttpHeader& lhs, const HttpHeader& rhs) + // { + // return lhs.name == rhs.name && lhs.value == rhs.value; + // } + HttpHeader frameAncestorHeader = {"Content-Security-Policy", "frame-ancestors 'none';"}; + // Check if the target header is already in the vector; if the header was not found, add it + auto pos = std::find(result->headers.begin(), result->headers.end(), frameAncestorHeader); + if (pos == result->headers.end()) + result->headers.push_back(frameAncestorHeader); setRetval(result); } // serve() From 207a87fa0f89e590b864c95812b4c95e5a2f1f14 Mon Sep 17 00:00:00 2001 From: Mike Manfredi Date: Fri, 16 Feb 2024 17:27:41 +0000 Subject: [PATCH 3/4] debugged and working --- services/system/ProxySys/src/ProxySys.cpp | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/services/system/ProxySys/src/ProxySys.cpp b/services/system/ProxySys/src/ProxySys.cpp index f9152246a..523e012bf 100644 --- a/services/system/ProxySys/src/ProxySys.cpp +++ b/services/system/ProxySys/src/ProxySys.cpp @@ -79,19 +79,21 @@ namespace SystemService // TODO: avoid repacking (both directions) psibase::Actor iface(act.service, service); - auto result = iface.serveSys(std::move(req)); + auto reqTarget = req.target; + auto result = iface.serveSys(std::move(req)); if (result && !result->headers.empty() && serviceName != "common-sys") abortMessage("service " + service.str() + " attempted to set an http header"); - // bool operator==(const HttpHeader& lhs, const HttpHeader& rhs) - // { - // return lhs.name == rhs.name && lhs.value == rhs.value; - // } - HttpHeader frameAncestorHeader = {"Content-Security-Policy", "frame-ancestors 'none';"}; - // Check if the target header is already in the vector; if the header was not found, add it - auto pos = std::find(result->headers.begin(), result->headers.end(), frameAncestorHeader); - if (pos == result->headers.end()) - result->headers.push_back(frameAncestorHeader); + if (reqTarget.size() == 0 || reqTarget.starts_with("/index.html")) + { + // Check if the target header is already in the vector; if the header was not found, add it + HttpHeader frameAncestorHeader = {"Content-Security-Policy", "frame-ancestors 'none';"}; + auto pos = std::find(result->headers.begin(), result->headers.end(), frameAncestorHeader); + if (pos == result->headers.end()) + { + result->headers.push_back(frameAncestorHeader); + } + } setRetval(result); } // serve() From 6f824ea1dc170e38c7f456f21f5d9b10376711dd Mon Sep 17 00:00:00 2001 From: Mike Manfredi Date: Fri, 16 Feb 2024 17:29:57 +0000 Subject: [PATCH 4/4] cleaning up PR --- libraries/psibase/common/include/psibase/Rpc.hpp | 4 ---- services/system/ProxySys/src/ProxySys.cpp | 3 ++- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/libraries/psibase/common/include/psibase/Rpc.hpp b/libraries/psibase/common/include/psibase/Rpc.hpp index c5fe30fd4..9cbfdce6c 100644 --- a/libraries/psibase/common/include/psibase/Rpc.hpp +++ b/libraries/psibase/common/include/psibase/Rpc.hpp @@ -18,10 +18,6 @@ namespace psibase } }; - // bool operator==(const HttpHeader& lhs, const HttpHeader& rhs) { - // return lhs.name == rhs.name && lhs.value == rhs.value; - // } - PSIO_REFLECT(HttpHeader, definitionWillNotChange(), name, value) // TODO: consider adding headers to this diff --git a/services/system/ProxySys/src/ProxySys.cpp b/services/system/ProxySys/src/ProxySys.cpp index 523e012bf..5d58f0769 100644 --- a/services/system/ProxySys/src/ProxySys.cpp +++ b/services/system/ProxySys/src/ProxySys.cpp @@ -80,7 +80,8 @@ namespace SystemService psibase::Actor iface(act.service, service); auto reqTarget = req.target; - auto result = iface.serveSys(std::move(req)); + + auto result = iface.serveSys(std::move(req)); if (result && !result->headers.empty() && serviceName != "common-sys") abortMessage("service " + service.str() + " attempted to set an http header");