
[bounty] fix security css #662

Open
louis030195 opened this issue Nov 10, 2024 · 8 comments

Labels: 💎 Bounty, enhancement (New feature or request)

Comments

louis030195 (Collaborator) commented Nov 10, 2024

#606

Anyone help fix this? Somehow the CSS security thing does not pass.

re-enable the search sidebar (9919660)

And somehow fix the security issue, which only happens when doing

```
bun tauri build
```

and not in `bun tauri dev`.

You need to tweak the tauri.config.json security rules somehow; check #606.

/bounty 50

louis030195 added the enhancement (New feature or request) label Nov 10, 2024

linear bot commented Nov 10, 2024

MED-271 [bounty]

algora-pbc bot commented Nov 10, 2024

💎 $50 bounty • Screenpi.pe

Steps to solve:

  1. Start working: Comment /attempt #662 with your implementation plan
  2. Submit work: Create a pull request including /claim #662 in the PR body to claim the bounty
  3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to mediar-ai/screenpipe!

| Attempt | Started (GMT+0) | Solution |
|---|---|---|
| 🟢 @harshtech123 | Nov 10, 2024, 5:09:59 AM | WIP |
| 🟢 @ologbonowiwi | Nov 11, 2024, 6:21:15 PM | WIP |
| 🟢 @Dhruv80576 | Nov 13, 2024, 4:26:28 PM | WIP |

@louis030195 louis030195 changed the title [bounty] [bounty] fix security css Nov 10, 2024
harshtech123 commented Nov 10, 2024

/attempt #662

tribhuwan-kumar (Contributor) commented

  • there is also a radix ui warning:

```
`DialogContent` requires a `DialogTitle` for the component to be accessible for screen reader users.

If you want to hide the `DialogTitle`, you can wrap it with our VisuallyHidden component.

For more information, see https://radix-ui.com/primitives/docs/components/dialog
```

putting this will fix this:

```tsx
<DialogTitle className="text-2xl font-bold">
  Changelog
</DialogTitle>
```

here:

  • some errors are:

```
app-index.tsx:25  Warning: In HTML, <button> cannot be a descendant of <button>.
This will cause a hydration error.
```

can be fixed from here:

```tsx
const Comp = asChild ? Slot : "button"
```

  • when searching with the sidebar open:

```
app-index.tsx:25  Warning: Function components cannot be given refs. Attempts to access this ref will fail. Did you mean to use React.forwardRef()?

Check the render method of `SlotClone`.
```

harshtech123 commented Nov 10, 2024

@louis030195

I identified the issue and found the following causes and fixes to do:

```jsonc
"security": {
  "assetProtocol": {
    "enable": false
  },
  "csp": {
    "default-src": "'self' customprotocol: asset:",
    "connect-src": "ipc: http://ipc.localhost https://youtube.com https://api.openai.com http://localhost:3030 https://web.crabnebula.cloud https://api.github.com https://eu.i.posthog.com https://github.com https://*.githubusercontent.com https://*.github.com http://*:11434 http://*:9000 https://ai-proxy.i-f9f.workers.dev *",
    "font-src": [
      "https://fonts.gstatic.com",
      "tauri://localhost",
      "http://tauri.localhost"
    ],
    "media-src": "'self' mediadevices: asset: http://asset.localhost file: blob: tauri://localhost file: blob: https://youtube.com https://github.com https://youtu.be",
    "img-src": "'self' asset: http://asset.localhost blob: data: https://*.githubusercontent.com https://*.github.com https://github.com https://*.s3.amazonaws.com",
    "style-src": [
      "'unsafe-inline'",          // Allows inline styles
      "'self'",                   // Restricts to same origin
      "https://fonts.googleapis.com",  // Allows Google Fonts
      "tauri://localhost",
      "http://tauri.localhost",
      "http://localhost:*",
      "data:",                    // Allows data URIs
      "*"
    ],
    "frame-src": "https://www.youtube.com http://localhost:*"
  }
}
```

This may bypass the current security check.

  • 'unsafe-inline': Allows inline styles, essential for apps using styles directly in HTML elements.

  • 'self': Restricts external loading to only from the app’s origin.

  • https://fonts.googleapis.com: Explicitly permits loading styles from Google Fonts.

  • Wildcard (*) in style-src: Be cautious, as it may allow any source, potentially opening security risks.
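The comment above warns about the wildcard in `style-src`; the policy it posts also carries `*` in `connect-src`, `'unsafe-inline'`, `data:` and duplicated sources in `media-src`. The following is an added example (not code from the screenpipe project or any commenter) that lints a Tauri `security.csp` object before it ships; `RISKY_SOURCES`, `WILDCARD_HOST`, `lintCsp` and `SAMPLE_CSP` are names introduced here, and `SAMPLE_CSP` is a constructed, trimmed version of the posted policy.

```javascript
// Added example, not code from the screenpipe project: lint a Tauri `security.csp`
// object as written in tauri.conf.json. Tauri accepts each directive either as a
// space-separated string or as an array of sources; both forms are normalised here.
const RISKY_SOURCES = {
  "*": "wildcard source matches any origin",
  "'unsafe-inline'": "inline code allowed; weakens injection protection",
  "'unsafe-eval'": "eval()/new Function() allowed",
};
const WILDCARD_HOST = /^https?:\/\/\*(:|\/|$)/; // e.g. http://*:11434
// Split one directive value (string or array) into its individual sources.
function splitSources(value) {
  const list = Array.isArray(value) ? value : String(value).split(/\s+/);
  return list.map((s) => s.trim()).filter(Boolean);
}
// Normalise: directive -> deduplicated array of sources.
function normalizeCsp(csp) {
  const out = {};
  for (const [directive, value] of Object.entries(csp)) {
    out[directive] = [...new Set(splitSources(value))];
  }
  return out;
}
// Serialise to the single-string form the webview ultimately enforces.
function cspToHeader(csp) {
  return Object.entries(normalizeCsp(csp))
    .map(([directive, sources]) => `${directive} ${sources.join(" ")}`)
    .join("; ");
}
// One finding per (directive, source) that widens or clutters the policy.
function lintCsp(csp) {
  const findings = [];
  for (const [directive, value] of Object.entries(csp)) {
    const seen = new Set();
    for (const source of splitSources(value)) {
      const add = (reason) => findings.push({ directive, source, reason });
      if (seen.has(source)) add("duplicate source"); else seen.add(source);
      if (RISKY_SOURCES[source]) add(RISKY_SOURCES[source]);
      else if (WILDCARD_HOST.test(source)) add("wildcard host matches any hostname");
      else if (source === "data:" && /^(script|style)-src$/.test(directive)) add("data: URIs can carry attacker-controlled content");
    }
  }
  return findings;
}
const SAMPLE_CSP = { // constructed sample, trimmed from the policy posted above
  "connect-src": "ipc: http://ipc.localhost http://localhost:3030 http://*:11434 *",
  "media-src": "'self' file: blob: tauri://localhost file: blob:",
  "style-src": ["'unsafe-inline'", "'self'", "https://fonts.googleapis.com", "data:", "*"],
};
```

Running `lintCsp(SAMPLE_CSP)` reports seven findings: the two `*` entries, the `http://*:11434` wildcard host, `'unsafe-inline'` and `data:` in `style-src`, and the duplicated `file:` and `blob:` in `media-src`.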

louis030195 (Collaborator, Author) commented

Send a PR that shows it's fixed.

I don't accept ChatGPT answers, just fix it.

ologbonowiwi (Contributor) commented Nov 11, 2024

/attempt #662

Dhruv80576 commented Nov 13, 2024

/attempt #662
