feat: SRI security toggle

2019-10-12 14:41:45 -04:00
parent 3de0e1499a
commit acb57879dd
10 changed files with 452 additions and 322 deletions
--- a/client/components/admin/admin-general.vue
+++ b/client/components/admin/admin-general.vue
@@ -184,6 +184,16 @@
                    hint='Should be enabled when using a reverse-proxy like nginx, apache, CloudFlare, etc in front of Wiki.js. Turn off otherwise.'
                    )

+                  v-divider.mt-3
+                  v-switch(
+                    inset
+                    label='Subresource Integrity'
+                    color='red darken-2'
+                    v-model='config.securitySRI'
+                    persistent-hint
+                    hint='This ensure that resources such as CSS and JS files are not altered during delivery.'
+                    )
+
                  v-divider.mt-3
                  v-switch(
                    inset
@@ -262,6 +272,7 @@ export default {
        securityIframe: true,
        securityReferrerPolicy: true,
        securityTrustProxy: true,
+        securitySRI: true,
        securityHSTS: false,
        securityHSTSDuration: 0,
        securityCSP: false,
@@ -309,6 +320,7 @@ export default {
            securityIframe: _.get(this.config, 'securityIframe', false),
            securityReferrerPolicy: _.get(this.config, 'securityReferrerPolicy', false),
            securityTrustProxy: _.get(this.config, 'securityTrustProxy', false),
+            securitySRI: _.get(this.config, 'securitySRI', false),
            securityHSTS: _.get(this.config, 'securityHSTS', false),
            securityHSTSDuration: _.get(this.config, 'securityHSTSDuration', 0),
            securityCSP: _.get(this.config, 'securityCSP', false),