From d354fb3a4b21300f760b7d873437c8af544d4d41 Mon Sep 17 00:00:00 2001 From: Daniel Haselhan Date: Wed, 1 May 2024 11:40:56 -0700 Subject: [PATCH] Add connect-src for snowplower, fix main docker --- alcs-frontend/Dockerfile | 6 ++++-- portal-frontend/Dockerfile | 2 ++ portal-frontend/nginx.conf | 2 +- services/config/default.json | 12 ++++++++---- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/alcs-frontend/Dockerfile b/alcs-frontend/Dockerfile index 8b3552cf30..0e4e9569d5 100644 --- a/alcs-frontend/Dockerfile +++ b/alcs-frontend/Dockerfile @@ -5,14 +5,16 @@ FROM node:20-alpine AS build WORKDIR /app # Copy package.json file -COPY package.json . +COPY package.json package-lock.json ./ # Install dependencies -RUN npm install +RUN npm ci # Copy the source code to the /app directory COPY . . +ENV NODE_OPTIONS="--max-old-space-size=2048" + # Build the application RUN npm run build -- --output-path=dist --output-hashing=all diff --git a/portal-frontend/Dockerfile b/portal-frontend/Dockerfile index 8b3f351595..212720b0e3 100644 --- a/portal-frontend/Dockerfile +++ b/portal-frontend/Dockerfile @@ -13,6 +13,8 @@ RUN npm ci # Copy the source code to the /app directory COPY . . +ENV NODE_OPTIONS="--max-old-space-size=2048" + # Build the application RUN npm run build -- --output-path=dist --output-hashing=all diff --git a/portal-frontend/nginx.conf b/portal-frontend/nginx.conf index 24ca3ba89c..4f9a35f8a8 100644 --- a/portal-frontend/nginx.conf +++ b/portal-frontend/nginx.conf @@ -19,7 +19,7 @@ http { add_header 'X-XSS-Protection' '1; mode=block'; add_header 'Strict-Transport-Security' 'max-age=31536000; includeSubDomains; preload'; add_header 'Cache-control' 'no-cache'; - add_header 'Content-Security-Policy' "default-src 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; connect-src $ENABLED_CONNECT_SRC; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; base-uri 'self'; object-src https://nrs.objectstore.gov.bc.ca; frame-src https://nrs.objectstore.gov.bc.ca; script-src 'self' https://www2.gov.bc.ca sha256-evje5KswYvntfuZqc5jmvUSANhIntI7Or6vVnjxGGQE=;"; + add_header 'Content-Security-Policy' "default-src 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; connect-src $ENABLED_CONNECT_SRC https://spm.apps.gov.bc.ca; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; base-uri 'self'; object-src https://nrs.objectstore.gov.bc.ca; frame-src https://nrs.objectstore.gov.bc.ca; script-src 'self' https://www2.gov.bc.ca 'sha256-evje5KswYvntfuZqc5jmvUSANhIntI7Or6vVnjxGGQE=';"; add_header 'Permissions-Policy' 'camera=(), geolocation=(), microphone=()'; add_header 'Referrer-Policy' 'same-origin'; diff --git a/services/config/default.json b/services/config/default.json index f4b411c42c..6cfa5e4351 100644 --- a/services/config/default.json +++ b/services/config/default.json @@ -32,7 +32,9 @@ "AUTH_SERVER": "test.loginproxy.gov.bc.ca", "AUTH_SERVER_URL": "https://test.loginproxy.gov.bc.ca/auth", "AUTH_TOKEN_URL": "https://test.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token", - "SCOPES": ["openid"], + "SCOPES": [ + "openid" + ], "REALM": "standard" }, "SITEMINDER": { @@ -61,12 +63,14 @@ "MAX_FILE_SIZE": 104857600 }, "REDIS": { - "HOST": "localhost", + "HOST": "redis", "PORT": "6379", - "PASSWORD": "" + "PASSWORD": "redis" }, "EMAIL": { - "DEFAULT_ADMINS": [""] + "DEFAULT_ADMINS": [ + "" + ] }, "GRPC": { "BIND_URL": "localhost:50057",