Merge pull request #911 from adrima01/sri_ignore

changes so that you can ignore the sri while developing
2024-05-02 13:20:29 +02:00 · 2024-05-02 13:20:29 +02:00 · f730f118b0
parent 9eb14548e3 7eaeefb828
commit f730f118b0
8 changed files with 22 additions and 16 deletions
--- a/config/generic.json.sample
+++ b/config/generic.json.sample
@ -13,6 +13,7 @@
    "days": 0,
    "hours": 0
  },
+  "enable_ignore_sri": false,
  "async_capture_processes": 1,
  "use_user_agents_users": false,
  "enable_default_blur_screenshot": false,
@ -112,6 +113,7 @@
    "max_capture_time": "The very maximal time we allow a capture to keep going. Should only be triggered by captures that cause playwright to never quit.",
    "max_tree_create_time": "The max time the generation of a tree is allowed to take",
    "s3fs": "The config to access a S3FS instance with the s3fs python module - it is not integrated properly for now as it requires urllib < 2.0 which is a non-started at this stage.",
-    "index_everything": "If true, index every capture, even if it's not public. This feature requires a dedicated kvrocks instance, and is only accessible when logged-in as admin."
+    "index_everything": "If true, index every capture, even if it's not public. This feature requires a dedicated kvrocks instance, and is only accessible when logged-in as admin.",
+    "enable_ignore_sri": "If true, the sri values are ignored and not calculated so that there are no problems while developing and testing."
  }
 }
--- a/website/web/init.py
+++ b/website/web/init.py
@ -135,6 +135,7 @@ blur_screenshot = get_config('generic', 'enable_default_blur_screenshot')

 use_own_ua = get_config('generic', 'use_user_agents_users')
 enable_mail_notification = get_config('generic', 'enable_mail_notification')
+enable_ignore_sri = get_config('generic', 'enable_ignore_sri')
 if enable_mail_notification:
    confirm_message = get_config('generic', 'email').get('confirm_message')
 else:
@ -178,8 +179,10 @@ app.jinja_env.globals.update(month_name=month_name)


 def get_sri(directory: str, filename: str) -> str:
+    if enable_ignore_sri:
+        return ""
    sha512 = sri_load()[directory][filename]
-    return f'sha512-{sha512}'
+    return f'integrity=sha512-{sha512}'


 app.jinja_env.globals.update(get_sri=get_sri)
@ -1173,6 +1176,7 @@ def tree(tree_uuid: str, node_uuid: str | None=None) -> Response | str | Werkzeu
                               screenshot_size=screenshot_size,
                               meta=meta, enable_mail_notification=enable_mail_notification,
                               enable_monitoring=lookyloo.monitoring_enabled,
+                               ignore_sri_enable=enable_ignore_sri,
                               monitoring_settings=lookyloo.monitoring_settings if lookyloo.monitoring_enabled else None,
                               monitoring_collections=monitoring_collections if lookyloo.monitoring_enabled else [],
                               enable_context_by_users=enable_context_by_users,
--- a/website/web/templates/capture.html
+++ b/website/web/templates/capture.html
@ -375,7 +375,7 @@
 {% block scripts %}
  {{ super() }}
  <script src='{{ url_for('static', filename='capture.js') }}'
-          integrity="{{get_sri('static', 'capture.js')}}"
+          {{get_sri('static', 'capture.js')}}
          crossorigin="anonymous"></script>
  <script>
  $('#nav-url-tab').on('click', function(e) {
--- a/website/web/templates/index.html
+++ b/website/web/templates/index.html
@ -51,7 +51,7 @@ $(document).ready(function () {
 {% block styles %}
 {{ super() }}
 <link rel="stylesheet" href="{{ url_for('static', filename='index.css') }}"
-      integrity="{{get_sri('static', 'index.css')}}"
+      {{get_sri('static', 'index.css')}}
      crossorigin="anonymous">
 {% endblock %}

--- a/website/web/templates/main.html
+++ b/website/web/templates/main.html
@ -6,17 +6,17 @@
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
    <link rel="shortcut icon" href="{{ url_for('static', filename='favicon.ico') }}"
-          integrity="{{get_sri('static', 'favicon.ico')}}"
+          {{get_sri('static', 'favicon.ico')}}
          crossorigin="anonymous">

    {% block styles %}
    <!-- Bootstrap CSS -->
    {{ bootstrap.load_css() }}
    <link rel="stylesheet" href="{{ url_for('static', filename='generic.css') }}"
-          integrity="{{get_sri('static', 'generic.css')}}"
+          {{get_sri('static', 'generic.css')}}
          crossorigin="anonymous">
    <link rel="stylesheet" href="{{ url_for('static', filename='datatables.min.css') }}"
-          integrity="{{get_sri('static', 'datatables.min.css')}}"
+          {{get_sri('static', 'datatables.min.css')}}
          crossorigin="anonymous">
    {% endblock %}

@ -36,13 +36,13 @@
    <!-- Optional JavaScript -->
    {{ bootstrap.load_js() }}
    <script src='{{ url_for('static', filename='jquery.min.js') }}'
-            integrity="{{get_sri('static', 'jquery.min.js')}}"
+            {{get_sri('static', 'jquery.min.js')}}
            crossorigin="anonymous"></script>
    <script src='{{ url_for('static', filename='datatables.min.js') }}'
-            integrity="{{get_sri('static', 'datatables.min.js')}}"
+            {{get_sri('static', 'datatables.min.js')}}
            crossorigin="anonymous"></script>
    <script src='{{ url_for('static', filename='generic.js') }}'
-            integrity="{{get_sri('static', 'generic.js')}}"
+            {{get_sri('static', 'generic.js')}}
            crossorigin="anonymous"></script>
    {% endblock %}
  </body>
--- a/website/web/templates/search.html
+++ b/website/web/templates/search.html
@ -62,6 +62,6 @@
 {% block scripts %}
  {{ super() }}
  <script src='{{ url_for('static', filename='capture.js') }}'
-          integrity="{{get_sri('static', 'capture.js')}}"
+          {{get_sri('static', 'capture.js')}}
          crossorigin="anonymous"></script>
 {% endblock %}
--- a/website/web/templates/stats.html
+++ b/website/web/templates/stats.html
@ -70,16 +70,16 @@
 {% block scripts %}
 {{ super() }}
 <script src='{{ url_for('static', filename='d3.min.js') }}'
-        integrity="{{get_sri('static', 'd3.min.js')}}"
+        {{get_sri('static', 'd3.min.js')}}
        crossorigin="anonymous"></script>
 <script src='{{ url_for('static', filename='stats_graph.js') }}'
-        integrity="{{get_sri('static', 'stats_graph.js')}}"
+        {{get_sri('static', 'stats_graph.js')}}
        crossorigin="anonymous"></script>
 {% endblock %}

 {% block styles %}
 {{ super() }}
 <link rel="stylesheet" href="{{ url_for('static', filename='stats.css') }}"
-      integrity="{{get_sri('static', 'stats.css')}}"
+      {{get_sri('static', 'stats.css')}}
      crossorigin="anonymous">
 {% endblock %}
--- a/website/web/templates/tree.html
+++ b/website/web/templates/tree.html
@ -29,10 +29,10 @@
 {% block scripts %}
  {{ super() }}
  <script src='{{ url_for('static', filename='d3.min.js') }}'
-          integrity="{{get_sri('static', 'd3.min.js')}}"
+          {{get_sri('static', 'd3.min.js')}}
          crossorigin="anonymous"></script>
  <script src='{{ url_for('static', filename='tree.js') }}'
-          integrity="{{get_sri('static', 'tree.js')}}"
+          {{get_sri('static', 'tree.js')}}
          crossorigin="anonymous"></script>

  <script>