feat: add firebase config for CSP
A very early take on a suggested way of handling CSP for Firebase.
This takes a set of "groups" and saves a Firebase config file generated from them. If we decide to use something like this, we will have to go over each saga app and add groups for all the domains we want to add.
Usage:
func (f Frontend) AddFirebaseConfig(ctx context.Context) error {
config := sgfirebaseconfig.Create(ctx, []string{"einride-dev-default", "amplitude"}, "https://setry.foobar.com")
sgfirebaseconfig.Save(ctx, config)
return nil
}
firebase.json
{
"hosting":{
"public":"build",
"ignore":[
"firebase.json",
"**/.*",
"**/node_modules/**"
],
"rewrites":[
{
"source":"**",
"destination":"/index.html"
}
],
"headers":[
{
"source":"/**",
"headers":[
{
"key":"Cache-Control",
"value":"max-age=120"
}
]
},
{
"source":"**/*.@(jpg|jpeg|gif|png|svg|webp|js|css|eot|otf|ttf|ttc|woff|woff2|font.css)",
"headers":[
{
"key":"Cache-Control",
"value":"max-age=604800"
}
]
},
{
"key":"X-Frame-Options",
"value":"SAMEORIGIN"
},
{
"key":"Content-Security-Policy",
"value":"default-src 'self'; connect-src https://*.saga.einride.dev https://identitytoolkit.googleapis.com https://api2.amplitude.com; font-src https://fonts.einride.dev; frame-src ; img-src ; script-src 'self'; style-src 'self' https://fonts.einride.dev; report-uri https://setry.foobar.com; report-to default"
},
{
"key":"Referrer-Policy",
"value":"origin-when-cross-origin"
},
{
"key": "Report-To",
"value": "'group':'default', 'max_age':3600, 'endpoints':[{'url':'https://setry.foobar.com'}],'include_subdomains':true'"
}
]
}
}