From b18f45dfe1337d4cd7afa242a42167df7e27342f Mon Sep 17 00:00:00 2001
From: Stan Girard
Date: Sat, 13 Jan 2024 19:43:02 -0800
Subject: [PATCH] fix: csp (#2016)

added preview env
# Description
Please include a summary of the changes and the related issue. Please also include relevant motivation and context.
## Checklist before requesting a review
Please delete options that are not relevant.
- [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my code
- [ ] I have commented hard-to-understand areas
- [ ] I have ideally added tests that prove my fix is effective or that my feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged
## Screenshots (if appropriate):
---
 backend/chat_service.py | 42 --------------------------------
 backend/crawl_service.py | 40 -------------------------------
 backend/upload_service.py | 50 ---------------------------------------
 frontend/next.config.js | 21 +++++++++++-----
 4 files changed, 15 insertions(+), 138 deletions(-)
 delete mode 100644 backend/chat_service.py
 delete mode 100644 backend/crawl_service.py
 delete mode 100644 backend/upload_service.py
diff --git a/backend/chat_service.py b/backend/chat_service.py
deleted file mode 100644
index 075396ba3..000000000
--- a/backend/chat_service.py
+++ /dev/null
@@ -1,42 +0,0 @@
-from packages.utils.handle_request_validation_error import (
- handle_request_validation_error,
-)
-
-if __name__ == "__main__":
- # import needed here when running main.py to debug backend
- # you will need to run pip install python-dotenv
- from dotenv import load_dotenv # type: ignore
-
- load_dotenv()
-from fastapi import FastAPI, HTTPException
-from fastapi.responses import JSONResponse
-from logger import get_logger
-from middlewares.cors import add_cors_middleware
-from modules.chat.controller import chat_router
-from modules.misc.controller import misc_router
-
-logger = get_logger(__name__)
-
-app = FastAPI()
-
-add_cors_middleware(app)
-
-app.include_router(chat_router)
-app.include_router(misc_router)
-
-
-@app.exception_handler(HTTPException)
-async def http_exception_handler(_, exc):
- return JSONResponse(
- status_code=exc.status_code,
- content={"detail": exc.detail},
- )
-
-
-handle_request_validation_error(app)
-
-if __name__ == "__main__":
- # run main.py to debug backend
- import uvicorn
-
- uvicorn.run(app, host="0.0.0.0", port=5050)
diff --git a/backend/crawl_service.py b/backend/crawl_service.py
deleted file mode 100644
index aeb60e053..000000000
--- a/backend/crawl_service.py
+++ /dev/null
@@ -1,40 +0,0 @@
-from packages.utils import handle_request_validation_error
-
-if __name__ == "__main__":
- # import needed here when running main.py to debug backend
- # you will need to run pip install python-dotenv
- from dotenv import load_dotenv # type: ignore
-
- load_dotenv()
-from fastapi import FastAPI, HTTPException
-from fastapi.responses import JSONResponse
-from logger import get_logger
-from middlewares.cors import add_cors_middleware
-from modules.misc.controller import misc_router
-from routes.crawl_routes import crawl_router
-
-logger = get_logger(__name__)
-app = FastAPI()
-
-add_cors_middleware(app)
-
-
-app.include_router(crawl_router)
-app.include_router(misc_router)
-
-
-@app.exception_handler(HTTPException)
-async def http_exception_handler(_, exc):
- return JSONResponse(
- status_code=exc.status_code,
- content={"detail": exc.detail},
- )
-
-
-handle_request_validation_error(app)
-
-if __name__ == "__main__":
- # run main.py to debug backend
- import uvicorn
-
- uvicorn.run(app, host="0.0.0.0", port=5050)
diff --git a/backend/upload_service.py b/backend/upload_service.py
deleted file mode 100644
index 1a4643f1f..000000000
--- a/backend/upload_service.py
+++ /dev/null
@@ -1,50 +0,0 @@
-import os
-
-from packages.utils import handle_request_validation_error
-
-if __name__ == "__main__":
- # import needed here when running main.py to debug backend
- # you will need to run pip install python-dotenv
- from dotenv import load_dotenv # type: ignore
-
- load_dotenv()
-import pypandoc
-from fastapi import FastAPI, HTTPException
-from fastapi.responses import JSONResponse
-from logger import get_logger
-from middlewares.cors import add_cors_middleware
-from modules.misc.controller import misc_router
-from modules.upload.controller import upload_router
-
-logger = get_logger(__name__)
-app = FastAPI()
-
-
-@app.on_event("startup")
-async def startup_event():
- if not os.path.exists(pypandoc.get_pandoc_path()):
- pypandoc.download_pandoc()
-
-
-add_cors_middleware(app)
-
-
-app.include_router(upload_router)
-app.include_router(misc_router)
-
-
-@app.exception_handler(HTTPException)
-async def http_exception_handler(_, exc):
- return JSONResponse(
- status_code=exc.status_code,
- content={"detail": exc.detail},
- )
-
-
-handle_request_validation_error(app)
-
-if __name__ == "__main__":
- # run main.py to debug backend
- import uvicorn
-
- uvicorn.run(app, host="0.0.0.0", port=5050)
diff --git a/frontend/next.config.js b/frontend/next.config.js
index b9bd7ab72..51b822a3a 100644
--- a/frontend/next.config.js
+++ b/frontend/next.config.js
@@ -37,6 +37,8 @@ const ContentSecurityPolicy = {
 process.env.NEXT_PUBLIC_SUPABASE_URL,
 "https://api.june.so",
 "https://us.posthog.com",
+ "https://preview.quivr.app",
+ "https://*.vercel.app",
 process.env.NEXT_PUBLIC_FRONTEND_URL,
 ],
 "connect-src": [
@@ -48,7 +50,7 @@ const ContentSecurityPolicy = {
 "https://api.openai.com",
 "https://cdn.growthbook.io",
 "https://vitals.vercel-insights.com/v1/vitals",
- "https://us.posthog.com"
+ "https://us.posthog.com",
 ],
 "img-src": [
 "'self'",
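Review bot: The two origins added to the source list that ends just before `connect-src` are unconditional, so production responses will also allow `https://*.vercel.app`, a shared hosting domain on which third parties can publish content, although the commit message describes the change as being for the preview environment. The same pair is added to `img-src`, `script-src` and `style-src` in the later hunk of this file. Consider defining them once and only for preview builds, e.g. `const previewOrigins = process.env.VERCEL_ENV === "preview" ? ["https://preview.quivr.app", "https://*.vercel.app"] : [];`, and spreading `...previewOrigins` into each list. The directive name for this first list sits above the hunk, so which fetch types it governs cannot be confirmed from here.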
@@ -62,21 +64,28 @@ const ContentSecurityPolicy = {
 "https://user-images.githubusercontent.com",
 process.env.NEXT_PUBLIC_FRONTEND_URL,
 "https://quivr-cms.s3.eu-west-3.amazonaws.com",
+ "https://preview.quivr.app",
+ "https://*.vercel.app",
 ],
 "script-src": [
 "'unsafe-inline'",
 "'unsafe-eval'",
 "https://va.vercel-scripts.com/",
 process.env.NEXT_PUBLIC_FRONTEND_URL,
+ "https://preview.quivr.app",
+ "https://*.vercel.app",
 "https://www.google-analytics.com/",
 "https://js.stripe.com",
- "https://us.posthog.com"
- ],
- "frame-src": ["https://js.stripe.com",
- "https://us.posthog.com"
+ "https://us.posthog.com",
 ],
+ "frame-src": ["https://js.stripe.com", "https://us.posthog.com"],
 "frame-ancestors": ["'none'"],
- "style-src": ["'unsafe-inline'", process.env.NEXT_PUBLIC_FRONTEND_URL],
+ "style-src": [
+ "'unsafe-inline'",
+ process.env.NEXT_PUBLIC_FRONTEND_URL,
+ "https://preview.quivr.app",
+ "https://*.vercel.app",
+ ],
 };
 
 // Build CSP string
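Review bot: In `script-src` the new `"https://*.vercel.app"` entry turns every deployment on that multi-tenant domain into an allowed script host, and a CSP host wildcard only matches whole leading labels, so it cannot be narrowed to this project's own subdomains. If what has to load is the per-deployment preview URL, the exact origin is tighter, e.g. `"https://" + process.env.VERCEL_URL`, assuming Vercel's system environment variables are available when this config is evaluated. The directive already carries `'unsafe-inline'` and `'unsafe-eval'` as unchanged context, so this entry widens remote script loading on top of an already permissive list; a short comment next to the entry saying which preview URLs need it would help a later clean-up.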