fix: add interceptors for console (#255)

* add interceptors for console * add interceptors for console to env.json
2025-08-11 21:17:32 +00:00 · 2020-06-22 13:17:29 +02:00
parent 66cca48b62
commit f68a5e63b5
4 changed files with 81 additions and 32 deletions
--- a/internal/api/http/middleware/csp.go
+++ b/internal/api/http/middleware/csp.go
@@ -6,29 +6,31 @@ import (
 )

 type CSP struct {
-	DefaultSrc CSPSourceOptions
-	ScriptSrc  CSPSourceOptions
-	ObjectSrc  CSPSourceOptions
-	StyleSrc   CSPSourceOptions
-	ImgSrc     CSPSourceOptions
-	MediaSrc   CSPSourceOptions
-	FrameSrc   CSPSourceOptions
-	FontSrc    CSPSourceOptions
-	ConnectSrc CSPSourceOptions
-	FormAction CSPSourceOptions
+	DefaultSrc  CSPSourceOptions
+	ScriptSrc   CSPSourceOptions
+	ObjectSrc   CSPSourceOptions
+	StyleSrc    CSPSourceOptions
+	ImgSrc      CSPSourceOptions
+	MediaSrc    CSPSourceOptions
+	FrameSrc    CSPSourceOptions
+	FontSrc     CSPSourceOptions
+	ManifestSrc CSPSourceOptions
+	ConnectSrc  CSPSourceOptions
+	FormAction  CSPSourceOptions
 }

 var (
 	DefaultSCP = CSP{
-		DefaultSrc: CSPSourceOptsNone(),
-		ScriptSrc:  CSPSourceOptsSelf(),
-		ObjectSrc:  CSPSourceOptsNone(),
-		StyleSrc:   CSPSourceOptsSelf(),
-		ImgSrc:     CSPSourceOptsSelf(),
-		MediaSrc:   CSPSourceOptsNone(),
-		FrameSrc:   CSPSourceOptsNone(),
-		FontSrc:    CSPSourceOptsSelf(),
-		ConnectSrc: CSPSourceOptsSelf(),
+		DefaultSrc:  CSPSourceOptsNone(),
+		ScriptSrc:   CSPSourceOptsSelf(),
+		ObjectSrc:   CSPSourceOptsNone(),
+		StyleSrc:    CSPSourceOptsSelf(),
+		ImgSrc:      CSPSourceOptsSelf(),
+		MediaSrc:    CSPSourceOptsNone(),
+		FrameSrc:    CSPSourceOptsNone(),
+		FontSrc:     CSPSourceOptsSelf(),
+		ManifestSrc: CSPSourceOptsSelf(),
+		ConnectSrc:  CSPSourceOptsSelf(),
 	}
 )

@@ -49,16 +51,17 @@ func (csp *CSP) Value(nonce string) string {

 func (csp *CSP) asMap() map[string]CSPSourceOptions {
 	return map[string]CSPSourceOptions{
-		"default-src": csp.DefaultSrc,
-		"script-src":  csp.ScriptSrc,
-		"object-src":  csp.ObjectSrc,
-		"style-src":   csp.StyleSrc,
-		"img-src":     csp.ImgSrc,
-		"media-src":   csp.MediaSrc,
-		"frame-src":   csp.FrameSrc,
-		"font-src":    csp.FontSrc,
-		"connect-src": csp.ConnectSrc,
-		"form-action": csp.FormAction,
+		"default-src":  csp.DefaultSrc,
+		"script-src":   csp.ScriptSrc,
+		"object-src":   csp.ObjectSrc,
+		"style-src":    csp.StyleSrc,
+		"img-src":      csp.ImgSrc,
+		"media-src":    csp.MediaSrc,
+		"frame-src":    csp.FrameSrc,
+		"font-src":     csp.FontSrc,
+		"manifest-src": csp.ManifestSrc,
+		"connect-src":  csp.ConnectSrc,
+		"form-action":  csp.FormAction,
 	}
 }

--- a/internal/api/http/middleware/security_headers.go
+++ b/internal/api/http/middleware/security_headers.go
@@ -48,7 +48,16 @@ func (h *headers) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		var err error
 		nonce, err = generateNonce(h.nonceLength)
 		if err != nil {
-			h.errorHandler(err).ServeHTTP(w, r)
+			errorHandler := h.errorHandler
+			if errorHandler == nil {
+				errorHandler = func(err error) http.Handler {
+					return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+						http.Error(w, err.Error(), http.StatusInternalServerError)
+						return
+					})
+				}
+			}
+			errorHandler(err).ServeHTTP(w, r)
 			return
 		}
 		r = saveContext(r, nonceKey, nonce)