From 69dc6301916fdf7d3c6a1605abe799f603b98046 Mon Sep 17 00:00:00 2001 From: peterpeterparker Date: Tue, 3 Dec 2019 09:07:44 +0100 Subject: [PATCH 1/4] feat(#497): update service worker loader hash in CSP --- studio/scripts/config.index.js | 31 ++++++++++++++++++++++++++----- studio/src/index.html | 2 +- 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/studio/scripts/config.index.js b/studio/scripts/config.index.js index 1bf86ea18..2e8e06c03 100755 --- a/studio/scripts/config.index.js +++ b/studio/scripts/config.index.js @@ -2,19 +2,27 @@ const fs = require('fs'); +const crypto = require('crypto'); + const configProd = require('../config.prod'); const configDev = require('../config.dev'); const dev = process.argv && process.argv.indexOf('--dev') > -1; -// https://stackoverflow.com/a/14181136/5404186 -function updateIndexHml(filename) { +function updateCSP(filename) { fs.readFile(`./www/$(unknown)`, 'utf8', function (err, data) { if (err) { return console.log(err); } - const result = data.replace(/<@API_URL@>/g, dev ? configDev.API_URL : configProd.API_URL); + // 1. Replace API Url + let result = data.replace(/<@API_URL@>/g, dev ? configDev.API_URL : configProd.API_URL); + + // 2. Update service worker loader hash + const swHash = findSWHash(data); + if (swHash) { + result = result.replace(/<@SW_LOADER@>/g, swHash); + } fs.writeFile(`./www/$(unknown)`, result, 'utf8', function (err) { if (err) return console.log(err); @@ -22,8 +30,21 @@ function updateIndexHml(filename) { }); } -updateIndexHml('index.html'); +function findSWHash(data) { + const sw = /(<.?script data-build.*?>)([\s\S]*?)(<\/script>)/gm; + + let m; + while (m = sw.exec(data)) { + if (m && m.length >= 3 && m[2].indexOf('serviceWorker') > -1) { + return `'sha256-${crypto.createHash('sha256').update(m[2]).digest('base64')}'`; + } + } + + return undefined; +} + +updateCSP('index.html'); if (!dev) { - updateIndexHml('index-org.html'); + updateCSP('index-org.html'); } 
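Review bot: When findSWHash returns undefined the `<@SW_LOADER@>` placeholder is left in the emitted script-src, which browsers treat as an unrecognised source expression and drop, so the loader script would only be permitted if one of the remaining static hashes happens to match it, and the build gives no signal; an else branch such as `} else { console.error('no service worker loader script found in', filename); process.exitCode = 1; }` (or at least stripping the placeholder) surfaces it. The hash is also computed from `data` rather than `result`, so any substitution that touches the loader script body would invalidate it; computing it after the replacements with `const swHash = findSWHash(result);` binds the hash to the bytes that ship. The read and write callbacks only `console.log(err)` and return, so an I/O failure leaves an unpatched CSP while the build still exits 0; setting `process.exitCode = 1` there makes the failure visible. The body of updateCSP continues past the end of this hunk.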
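Review bot: The opening-tag pattern `<.?script data-build.*?>` admits any single character between `<` and `script`, so `<script data-build` states the intent more precisely and cannot match a stray closing form. The loop returns on the first `data-build` script that mentions `serviceWorker`, so if the build ever emits more than one inline script that needs allowing only one hash is produced; that limit should be stated on the function, e.g. `// Returns the CSP 'sha256-…' source expression for the first inline data-build script that references the service worker, or undefined.` The `m && m.length >= 3` guard is redundant once exec has returned a match with three groups, and `while ((m = sw.exec(data)) !== null)` with explicit parentheses signals that the assignment in the condition is intentional. Hashing m[2] (the exact inner text) is the right input for a CSP hash, since any whitespace change to the script body changes the digest.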
diff --git a/studio/src/index.html b/studio/src/index.html index 93a5cfa5d..88d495a0d 100644 --- a/studio/src/index.html +++ b/studio/src/index.html @@ -9,7 +9,7 @@ img-src 'self' data: https://deckdeckgo.com https://firebasestorage.googleapis.com/v0/b/deckdeckgo-studio-prod.appspot.com/ https://firebasestorage.googleapis.com/v0/b/deckdeckgo-studio-beta.appspot.com/ https://www.gstatic.com https://lh5.googleusercontent.com https://pbs.twimg.com https://media.giphy.com https://media.tenor.com/ https://images.unsplash.com/ https://*.githubusercontent.com/ https://*.googleusercontent.com/; style-src 'self' 'unsafe-inline' https://cdn.firebase.com https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; - script-src 'self' blob: 'sha256-vay/aAFxtYsaISRoBsVDHCbAzow9u6P2gHHTewRPaJY=' https://cdn.firebase.com https://apis.google.com https://unpkg.com/prismjs@latest/; + script-src 'self' blob: <@SW_LOADER@> 'sha256-vay/aAFxtYsaISRoBsVDHCbAzow9u6P2gHHTewRPaJY=' https://cdn.firebase.com https://apis.google.com https://unpkg.com/prismjs@latest/; connect-src 'self' <@API_URL@> https://deckdeckgo.com/ wss://api.deckdeckgo.com/ https://firebasestorage.googleapis.com/v0/b/deckdeckgo-studio-prod.appspot.com/ https://firebasestorage.googleapis.com/v0/b/deckdeckgo-studio-beta.appspot.com/ https://www.googleapis.com https://securetoken.googleapis.com https://firestore.googleapis.com ws://localhost:3333/ https://raw.githubusercontent.com/PrismJS https://raw.githubusercontent.com/deckgo/ https://api.tenor.com/; frame-src https://deckdeckgo.com https://*.deckdeckgo.com https://deckdeckgo-studio-beta.firebaseapp.com http://localhost:3333/~dev-server https://www.youtube.com/"> From ad7d0f1c84b697c92cb668088dc873a8156c25b4 Mon Sep 17 00:00:00 2001 
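Review bot: The static `'sha256-vay/aAFxtYsaISRoBsVDHCbAzow9u6P2gHHTewRPaJY='` kept beside the new `<@SW_LOADER@>` placeholder appears to be a hard-coded hash for some other inline script, and it will silently stop matching the moment that script changes, which is the same failure this commit fixes for the loader; consider generating it by the same mechanism, or at least recording which script it covers so it can be regenerated. If config.index.js is not run, or finds no loader script, the literal placeholder stays in the policy and is ignored by browsers, so a build check that no `<@` token survives in the emitted HTML would catch both cases.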
From: peterpeterparker Date: Tue, 3 Dec 2019 09:34:45 +0100 Subject: [PATCH 2/4] feat(#497): update link CSS for CSP with prerender --- studio/scripts/config.index.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/studio/scripts/config.index.js b/studio/scripts/config.index.js index 2e8e06c03..c900c0081 100755 --- a/studio/scripts/config.index.js +++ b/studio/scripts/config.index.js @@ -24,6 +24,9 @@ function updateCSP(filename) { result = result.replace(/<@SW_LOADER@>/g, swHash); } + // 3. Update CSS link until https://github.com/ionic-team/stencil/issues/2039 solved + result = result.replace(/rel=stylesheet media="\(max-width: 0px\)" importance=low onload="this\.media=''"/g, 'rel=stylesheet importance=low'); + fs.writeFile(`./www/$(unknown)`, result, 'utf8', function (err) { if (err) return console.log(err); }); From 0d34d62179e320e8785215bc9ab0e3d7336efeda Mon Sep 17 00:00:00 2001 From: peterpeterparker Date: Tue, 3 Dec 2019 09:59:51 +0100 Subject: [PATCH 3/4] feat(#497): update CSP of all html files --- studio/scripts/config.index.js | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/studio/scripts/config.index.js b/studio/scripts/config.index.js index c900c0081..a4fdeedfa 100755 --- a/studio/scripts/config.index.js +++ b/studio/scripts/config.index.js @@ -1,6 +1,7 @@ #!/usr/bin/env node const fs = require('fs'); +const path = require('path'); const crypto = require('crypto'); @@ -10,7 +11,7 @@ const configDev = require('../config.dev'); const dev = process.argv && process.argv.indexOf('--dev') > -1; function updateCSP(filename) { - fs.readFile(`./www/$(unknown)`, 'utf8', function (err, data) { + fs.readFile(`$(unknown)`, 'utf8', function (err, data) { if (err) { return console.log(err); } 
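Review bot: The added replacement is pinned to Stencil's exact attribute order and quoting (`rel=stylesheet media="(max-width: 0px)" importance=low onload="this.media=''"`), so a Stencil upgrade can stop it matching without any error, and the inline `onload` handler would then be blocked by the policy again; comparing `result` before and after the call and logging when nothing changed makes that visible. The comment should also say why the rewrite is needed and what it costs, e.g. `// Stencil async-loads CSS via an inline onload handler, which script-src without 'unsafe-inline' blocks; load the stylesheet synchronously until stencil#2039 is fixed.` The enclosing updateCSP body starts and ends outside this hunk.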
@@ -27,7 +28,7 @@ function updateCSP(filename) { // 3. Update CSS link until https://github.com/ionic-team/stencil/issues/2039 solved result = result.replace(/rel=stylesheet media="\(max-width: 0px\)" importance=low onload="this\.media=''"/g, 'rel=stylesheet importance=low'); - fs.writeFile(`./www/$(unknown)`, result, 'utf8', function (err) { + fs.writeFile(`$(unknown)`, result, 'utf8', function (err) { if (err) return console.log(err); }); }); @@ -46,8 +47,20 @@ function findSWHash(data) { return undefined; } -updateCSP('index.html'); +function findHTMLFiles(dir, files) { + fs.readdirSync(dir).forEach(file => { + const fullPath = path.join(dir, file); + if (fs.lstatSync(fullPath).isDirectory()) { + findHTMLFiles(fullPath, files); + } else if (path.extname(fullPath) === '.html') { + files.push(fullPath); + } + }); +} + +let htmlFiles = []; +findHTMLFiles('./www/', htmlFiles); -if (!dev) { - updateCSP('index-org.html'); +for (const file of htmlFiles) { + updateCSP(`./${file}`); } From a3fe1605c7ce8d3de6c6aa8b883ad6fe465bfa0c Mon Sep 17 00:00:00 2001 From: peterpeterparker Date: Tue, 3 Dec 2019 10:06:36 +0100 Subject: [PATCH 4/4] fix(#497): Prism CSP --- studio/src/index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/studio/src/index.html b/studio/src/index.html index 88d495a0d..37a1bcc7e 100644 --- a/studio/src/index.html +++ b/studio/src/index.html 
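Review bot: `let htmlFiles = []` is never reassigned and should be `const htmlFiles = [];`, and updateCSP is fire-and-forget from the loop, so a failure on any one file is only logged while the build still exits 0, the same gap as the read/write callbacks inside updateCSP. `fs.lstatSync` does not follow symlinks, so a symlinked directory under www/ would be neither recursed into nor processed; if that is not intended, `fs.statSync` is the follow-links variant. A short JSDoc on findHTMLFiles would help, e.g. `/** Recursively collects the path of every .html file below dir into files (mutated in place). */`.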
@@ -10,7 +10,7 @@ style-src 'self' 'unsafe-inline' https://cdn.firebase.com https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' blob: <@SW_LOADER@> 'sha256-vay/aAFxtYsaISRoBsVDHCbAzow9u6P2gHHTewRPaJY=' https://cdn.firebase.com https://apis.google.com https://unpkg.com/prismjs@latest/; - connect-src 'self' <@API_URL@> https://deckdeckgo.com/ wss://api.deckdeckgo.com/ https://firebasestorage.googleapis.com/v0/b/deckdeckgo-studio-prod.appspot.com/ https://firebasestorage.googleapis.com/v0/b/deckdeckgo-studio-beta.appspot.com/ https://www.googleapis.com https://securetoken.googleapis.com https://firestore.googleapis.com ws://localhost:3333/ https://raw.githubusercontent.com/PrismJS https://raw.githubusercontent.com/deckgo/ https://api.tenor.com/; + connect-src 'self' <@API_URL@> https://deckdeckgo.com/ wss://api.deckdeckgo.com/ https://firebasestorage.googleapis.com/v0/b/deckdeckgo-studio-prod.appspot.com/ https://firebasestorage.googleapis.com/v0/b/deckdeckgo-studio-beta.appspot.com/ https://www.googleapis.com https://securetoken.googleapis.com https://firestore.googleapis.com ws://localhost:3333/ https://raw.githubusercontent.com/PrismJS/ https://raw.githubusercontent.com/deckgo/ https://api.tenor.com/; frame-src https://deckdeckgo.com https://*.deckdeckgo.com https://deckdeckgo-studio-beta.firebaseapp.com http://localhost:3333/~dev-server https://www.youtube.com/">
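Review bot: The rewritten connect-src still lists `ws://localhost:3333/`, and the frame-src context line keeps `http://localhost:3333/~dev-server`, so the production policy permits connections to a local dev server; since config.index.js already distinguishes `--dev` builds, those origins could be injected the same way as `<@API_URL@>` and omitted from the prod policy, if they are only needed for the dev server.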