Improve security of docker image (#232)

fix #231
NicolasCARPi · May 28, 2021 · 0194655 · 0194655
1 parent ff38577
commit 0194655
Show file tree

Hide file tree

Showing 8 changed files with 9,634 additions and 9,463 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -21,11 +21,13 @@ RUN apt-get update && apt-get -y --no-install-recommends install gnupg \
     && curl -sL https://deb.nodesource.com/setup_14.x | bash - \
     && apt-get install -y nodejs \
     && npm install -g documentation \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/* \
+    && a2enmod headers
 
 COPY . /var/www/html
 RUN ln -s /var/www/html/src /var/www/html/demos/src
-RUN sed -i -e "s:/var/www/html:/var/www/html/demos:" /etc/apache2/sites-enabled/000-default.conf
+COPY ./apache/000-default.conf /etc/apache2/sites-enabled/000-default.conf
+COPY ./apache/php.ini /usr/local/etc/php/php.ini
 
 # generate api doc
 WORKDIR /var/www/html

diff --git a/apache/000-default.conf b/apache/000-default.conf
@@ -0,0 +1,16 @@
+<VirtualHost *:80>
+	ServerName jeditable.elabftw.net
+
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html/demos
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	Header always set Strict-Transport-Security "max-age=63072000"
+	Header always set X-xss-protection "0"
+	Header always set X-content-type-options "nosniff"
+	Header always set Content-Security-Policy "default-src 'self' data:; script-src 'self' https://ajax.googleapis.com https://code.jquery.com; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline' https://code.jquery.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com; font-src 'self' data: https://use.fontawesome.com https://maxcdn.bootstrapcdn.com; object-src 'self'; base-uri 'none'; frame-ancestors 'none'"
+	Header always set Referrer-policy "no-referrer"
+	Header always set Feature-policy "autoplay 'none'; camera 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; vr 'none'"
+</VirtualHost>
diff --git a/apache/php.ini b/apache/php.ini
diff --git a/demos/index.html b/demos/index.html
@@ -470,263 +470,7 @@ <h4 class='trigger'><i class='fas fa-eye'></i> Show source code</h4>
             </div>
 
         </div>
-
     </div>
-
-        <!-- BEGIN JAVASCRIPT -->
-        <script>
-        $(document).ready(function() {
-            // make all examples reachable with Tab key for accessibility
-            $(".example").editableAriaShim();
-
-            // hide all source code
-            $('.source').hide();
-            // to toggle the source
-            $('.trigger').click(function() {
-                var sourceDiv = $(this).next('.source');
-
-                if (sourceDiv.is(':visible')) {
-                    $(this).html("<i class='fas fa-eye'></i> Show source code");
-                } else {
-                    $(this).html("<i class='fas fa-eye-slash'></i> Hide source code");
-                }
-
-                sourceDiv.toggle();
-            });
-
-            // BASIC MINIMAL EXAMPLE
-            $(".editable-text").editable("save.php");
-
-            // FULL EXAMPLE WITH PLENTY OF OPTIONS
-            // custom submitted data fields
-            var submitdata = {};
-            submitdata['slow'] = true;
-            submitdata['pwet'] = 'youpla';
-
-            $(".editable-text-full").editable("save.php", {
-                indicator : "<img src='img/spinner.svg' />",
-                type : "text",
-                // only limit to three letters example
-                //pattern: "[A-Za-z]{3}",
-                onedit : function() { console.log('If I return false edition will be canceled'); return true;},
-                before : function() { console.log('Triggered before form appears');},
-                callback : function(result, settings, submitdata) {
-                    console.log('Callback function: triggered after submit');
-                    console.log('Result: ' + result);
-                    console.log('Settings.width: ' + settings.width);
-                    console.log('Submitdata: ' + submitdata.pwet);
-                },
-                cancel : 'Cancel',
-                cssclass : 'custom-class',
-                cancelcssclass : 'btn btn-danger',
-                // select all text
-                select : true,
-                submitcssclass : 'btn btn-success',
-                maxlength : 200,
-                onerror: function(settings, self, xhr) {
-                    console.log("Error with status code: " + xhr.status);
-                    // reset the form
-                    self.reset();
-                },
-                label : 'This is a label',
-                onreset : function() { console.log('Triggered before reset') },
-                onblur : function() { console.log('Triggered on blur event');return true; },
-                onsubmit : function() { console.log('Triggered before submit') },
-                showfn : function(elem) { elem.fadeIn('slow') },
-                submit : 'Save',
-                submitdata : submitdata,
-                /* submitdata as a function example
-                submitdata : function(revert, settings, submitdata) {
-                    console.log("Revert text: " + revert);
-                    console.log(settings);
-                    console.log("User submitted text: " + submitdata.value);
-                },
-                */
-                tooltip : "Click to edit...",
-                width : 160
-            });
-
-
-            // NORMAL TEXTAREA
-            $(".editable_textarea").editable("save.php", {
-                type   : 'textarea',
-                submit : 'OK',
-                cancelcssclass : 'btn btn-danger',
-                submitcssclass : 'btn btn-success',
-                cancel : 'Nope',
-                width: 300
-            });
-
-            // INLINE SELECT
-            $(".editable-select").editable("save.php", {
-                type   : "select",
-                sortselectoptions: true,
-                data   : '{"Wiki":"Wiki","Banana":"Banana","Apple":"Apple", "Pear":"Pear", "selected":"Pear"}',
-                submitdata : function() { return {id : 42, something: 'else'};},
-                style  : "inherit"
-            });
-            // INLINE SELECT WITH JSON
-            $(".editable-select-json").editable("save.php", {
-                type   : "select",
-                loadurl : "json.php",
-                loadtext : "Fetching JSON…",
-                submit : "OK",
-                style  : "inherit"
-            });
-            // MULTIPLE SELECT
-            $(".multiple-select").editable("save.php", {
-                type : "select",
-                data   : '{"Wiki":"Wiki","Banana":"Banana","Apple":"Apple", "Pear":"Pear"}',
-                submit: 'OK',
-                multiple : true,
-                onblur: function() { return true; },
-                // use intercept to display the results as we want it
-                intercept: function(result, status) {
-                    return "You selected: " + result + ". ";
-                },
-                onerror: function(settings, self, xhr) {
-                    console.log("Error with status code: " + xhr.status);
-                },
-                submitdata : function(revert, settings, result) {
-                    console.log("User selected values: " + result.value);
-                },
-            });
-
-            // DIFFERENT EVENTS
-            // click
-            $(".click").editable("save.php", {
-                tooltip   : "Click to edit...",
-                style  : "inherit"
-            });
-
-            // double click
-            $(".dblclick").editable("save.php", {
-                tooltip   : "Doubleclick to edit...",
-                event     : "dblclick",
-                style  : "inherit"
-            });
-
-            // mouseover
-            $(".mouseover").editable("save.php", {
-                tooltip   : "Move mouseover to edit...",
-                event     : "mouseover",
-                style  : "inherit"
-            });
-
-            // INTERCEPT
-            // GET BACK JSON AND PROCESS IT BEFORE DISPLAY
-            $(".intercept").editable("json2.php", {
-                submit : 'OK',
-                intercept : function(jsondata) {
-                    json = JSON.parse(jsondata);
-                    console.log(json.status);
-                    console.log(json.other);
-                    return json.result;
-                },
-            });
-
-            // EMAIL
-            $(".email").editable("save.php", {
-                type: "email",
-                tooltip: "Enter a valid email address",
-                placeholder: "nico.tesla@example.com",
-            });
-            // NUMBER
-            $(".number").editable("save.php", {
-                type: "number",
-                tooltip: "Click to edit: number",
-                placeholder: "0",
-                min: 0,
-                max: 10,
-                step: 1
-            });
-            // URL
-            $(".url").editable("save.php", {
-                type: "url",
-                tooltip: "Enter a valid URL",
-                placeholder: "https://www.example.com"
-            });
-
-
-            // CSS BUTTONS
-            $(".css-buttons").editable("save.php", {
-                submit : 'OK',
-                cancel : 'Cancel',
-                cssclass : 'custom-class',
-                cancelcssclass : 'btn btn-danger',
-                submitcssclass : 'btn btn-success',
-                formid : 'abc-123'
-            });
-
-            // CHECKBOX
-            $(".checkbox").editable("save.php", {
-                type      : "checkbox",
-                submit : 'ok'
-            });
-
-            // CHAR COUNTER
-            $(".charcounter").editable("save.php", {
-                type      : "charcounter",
-                submit    : 'OK',
-                tooltip   : "Click to edit...",
-                onblur    : "ignore",
-                charcounter : {
-                    characters : 60
-                }
-            });
-
-            // MASKED INPUT
-            $(".masked").editable("save.php", {
-                type      : "masked",
-                mask      : "99/99/9999",
-                submit    : 'OK',
-                tooltip   : "Click to edit..."
-            });
-
-            // AUTOGROW
-            $(".autogrow").editable("save.php", {
-                type      : "autogrow",
-                submit    : 'OK',
-                cancel    : 'cancel',
-                tooltip   : "Click to edit...",
-                onblur    : "ignore"
-            });
-            // DATEPICKER
-            $(".datepicker").editable("save.php", {
-                type      : 'datepicker',
-                datepicker : {
-                    format: "dd-mm-yy"
-                },
-                submit : 'OK',
-                tooltip   : "Click to edit..."
-            });
-            // TIME
-            $(".timepicker").editable("save.php", {
-                type      : 'time',
-                submit    : 'OK',
-                tooltip   : "Click to edit..."
-            });
-
-            // Non existing element should not cause error
-            $("#nosuch").editable("save.php", {
-                type   : 'textarea',
-                submit : 'OK'
-            });
-
-        });
-        </script>
-
-        <footer>
-            <!-- Global site tag (gtag.js) - Google Analytics -->
-            <script async src="https://www.googletagmanager.com/gtag/js?id=UA-50763178-2"></script>
-            <script>
-              window.dataLayer = window.dataLayer || [];
-              function gtag(){dataLayer.push(arguments);}
-              gtag('js', new Date());
-
-              gtag('config', 'UA-50763178-2');
-            </script>
-        </footer>
-
+    <script src='index.js'></script>
     </body>
 </html>