quivr/frontend
Matthieu Jacq d0e363e66e
feat: enable CSP in all environments (local/preview/prod) (#1334)
# Description

Enable CSP in all environments (local/preview/prod).

Relies on NEXT_PUBLIC_ENV env variable, which should be
`'local'|'preview'|'prod'`

# Comparison of old and new CSP values (tested locally)

## Before

### CSP (for prod only)

```
default-src 'self' https://fonts.googleapis.com https://xxx.supabase.co https://api.june.so https://www.quivr.app/; connect-src 'self' https://xxx.supabase.co http://localhost:5050 https://api.june.so https://api.openai.com https://cdn.growthbook.io https://vitals.vercel-insights.com/v1/vitals; img-src 'self' https://www.gravatar.com data:; media-src 'self' https://user-images.githubusercontent.com https://www.quivr.app/ https://quivr-cms.s3.eu-west-3.amazonaws.com; script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/ https://www.google-analytics.com/; frame-ancestors 'none'; style-src 'unsafe-inline' https://www.quivr.app/;
```

## After

### Prod CSP (iso with before)

```
default-src 'self' https://fonts.googleapis.com https://xxx.supabase.co https://api.june.so https://www.quivr.app/; connect-src 'self' https://xxx.supabase.co http://localhost:5050 https://api.june.so https://api.openai.com https://cdn.growthbook.io https://vitals.vercel-insights.com/v1/vitals; img-src 'self' https://www.gravatar.com data:; media-src 'self' https://user-images.githubusercontent.com https://www.quivr.app/ https://quivr-cms.s3.eu-west-3.amazonaws.com; script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://www.quivr.app/ https://www.google-analytics.com/; frame-ancestors 'none'; style-src 'unsafe-inline' https://www.quivr.app/;
```

### Preview CSP

```
default-src 'self' https://fonts.googleapis.com https://xxx.supabase.co https://api.june.so https://preview.quivr.app/; connect-src 'self' https://xxx.supabase.co http://localhost:5050 https://api.june.so https://api.openai.com https://cdn.growthbook.io https://vitals.vercel-insights.com/v1/vitals; img-src 'self' https://www.gravatar.com data:; media-src 'self' https://user-images.githubusercontent.com https://www.quivr.app/ https://quivr-cms.s3.eu-west-3.amazonaws.com; script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ https://preview.quivr.app/ https://www.google-analytics.com/; frame-ancestors 'none'; style-src 'unsafe-inline' https://preview.quivr.app/;
```

### Local CSP

```
default-src 'self' https://fonts.googleapis.com https://xxx.supabase.co https://api.june.so http://localhost:3000 http://localhost:3001; connect-src 'self' https://xxx.supabase.co http://localhost:5050 https://api.june.so https://api.openai.com https://cdn.growthbook.io https://vitals.vercel-insights.com/v1/vitals; img-src 'self' https://www.gravatar.com data:; media-src 'self' https://user-images.githubusercontent.com https://www.quivr.app/ https://quivr-cms.s3.eu-west-3.amazonaws.com; script-src 'unsafe-inline' 'unsafe-eval' https://va.vercel-scripts.com/ http://localhost:3000 http://localhost:3001 https://www.google-analytics.com/; frame-ancestors 'none'; style-src 'unsafe-inline' http://localhost:3000 http://localhost:3001;
```

# 🧪 External checks

Syntax checked with https://csp-evaluator.withgoogle.com/ (for the 3
environments).

---------

Co-authored-by: gozineb <zinebe@theodo.fr>
2023-10-05 17:37:25 +02:00
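The per-environment policy the commit describes, as an added JavaScript example (not the project's own `next.config.js`): it picks the site origins from `NEXT_PUBLIC_ENV`, serializes the directives listed above, and reports which directives still allow `'unsafe-inline'` or `'unsafe-eval'`, the weakening a reviewer would want to track across all three environments. Hostnames are copied from the commit, including its `xxx.supabase.co` placeholder; the function and variable names are assumptions.

```javascript
// Added example, not the project's code. Site origins that differ per
// environment, keyed by the NEXT_PUBLIC_ENV value the commit relies on.
const SITE_ORIGINS = {
  local: ["http://localhost:3000", "http://localhost:3001"],
  preview: ["https://preview.quivr.app/"],
  prod: ["https://www.quivr.app/"],
};

// Build the serialized CSP header value for one environment.
function buildCsp(env) {
  const site = SITE_ORIGINS[env];
  if (!site) throw new Error(`NEXT_PUBLIC_ENV must be local|preview|prod, got ${env}`);
  // Third-party hosts are identical in every environment (taken from the commit).
  const directives = {
    "default-src": ["'self'", "https://fonts.googleapis.com", "https://xxx.supabase.co",
      "https://api.june.so", ...site],
    "connect-src": ["'self'", "https://xxx.supabase.co", "http://localhost:5050",
      "https://api.june.so", "https://api.openai.com", "https://cdn.growthbook.io",
      "https://vitals.vercel-insights.com/v1/vitals"],
    "img-src": ["'self'", "https://www.gravatar.com", "data:"],
    "media-src": ["'self'", "https://user-images.githubusercontent.com",
      "https://www.quivr.app/", "https://quivr-cms.s3.eu-west-3.amazonaws.com"],
    "script-src": ["'unsafe-inline'", "'unsafe-eval'", "https://va.vercel-scripts.com/",
      ...site, "https://www.google-analytics.com/"],
    "frame-ancestors": ["'none'"],
    "style-src": ["'unsafe-inline'", ...site],
  };
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(" ")};`)
    .join(" ");
}

// Parse a serialized policy back into { directive: [sources] } for inspection.
function parseCsp(policy) {
  const parsed = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) parsed[tokens[0]] = tokens.slice(1);
  }
  return parsed;
}

// Defender's check: names of directives that still permit inline or eval'd code.
function weakDirectives(policy) {
  const weak = new Set(["'unsafe-inline'", "'unsafe-eval'"]);
  return Object.entries(parseCsp(policy))
    .filter(([, sources]) => sources.some((s) => weak.has(s)))
    .map(([name]) => name);
}
```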
| Path | Last commit | Date |
|---|---|---|
| app | feat: restructure the sidebar of the brains management page (#1325) | 2023-10-04 18:12:27 +02:00 |
| e2e | test: add e2e for crawling (#1288) | 2023-09-29 13:15:37 +02:00 |
| lib | feat: restructure the sidebar of the brains management page (#1325) | 2023-10-04 18:12:27 +02:00 |
| pages/blog | feat: knowledge tab list (#1222) | 2023-09-22 16:06:04 +02:00 |
| public | feat: update onboarding controller and fix typo (#1333) | 2023-10-05 11:31:26 +02:00 |
| services/analytics | fix: fix some bugs (#1201) | 2023-09-18 21:28:07 +02:00 |
| shared | feat: display brain status on settings page (#1221) | 2023-09-20 16:24:56 +02:00 |
| styles | feat(strapi): added first draft (#1237) | 2023-09-21 00:20:29 +02:00 |
| .dockerignore | refactor(brain): removed braintoupdate and added brain (#356) | 2023-06-21 10:16:44 +02:00 |
| .eslintrc.js | Feat/multiple brains frontend (#344) | 2023-06-20 16:17:13 +02:00 |
| .gitignore | feat(e2e): add playright config and createBrain e2e test (#1177) | 2023-09-18 10:23:56 +02:00 |
| .lintstagedrc.js | Devx/add linter rules (#331) | 2023-06-15 11:52:46 +02:00 |
| Dockerfile | fix(gpt-3.5-instruct): bug and new version of node (#1228) | 2023-09-20 16:16:50 +02:00 |
| Dockerfile.dev | docs(blog): updated | 2023-09-21 21:14:01 +02:00 |
| globals.css | fix: 🐛📱 height now matches mobile height (#1323) | 2023-10-04 12:04:57 +02:00 |
| middleware.ts | Devx/add linter rules (#331) | 2023-06-15 11:52:46 +02:00 |
| next.config.js | feat: enable CSP in all environments (local/preview/prod) (#1334) | 2023-10-05 17:37:25 +02:00 |
| package.json | feat: responsive sidebar (#1279) | 2023-10-02 14:42:23 +02:00 |
| playwright.config.ts | test: add e2e for crawling (#1288) | 2023-09-29 13:15:37 +02:00 |
| pnpm-lock.yaml | FIX #1220 UX Upload improvement (#1259) | 2023-09-27 09:22:22 +02:00 |
| postcss.config.js | Devx/add linter rules (#331) | 2023-06-15 11:52:46 +02:00 |
| README.md | feat(api): new api init | 2023-05-18 01:22:13 +02:00 |
| sentry.client.config.ts | feat(sentry): added only if env variable set | 2023-07-02 14:32:16 +02:00 |
| sentry.edge.config.ts | feat(sentry): added only if env variable set | 2023-07-02 14:32:16 +02:00 |
| sentry.server.config.ts | feat(sentry): added only if env variable set | 2023-07-02 14:32:16 +02:00 |
| tailwind.config.js | feat: update chat list on new chat first message (#1305) | 2023-10-03 12:08:14 +02:00 |
| tsconfig.eslint.json | Feat: chat name edit (#343) | 2023-06-20 09:54:23 +02:00 |
| tsconfig.json | Devx/add linter rules (#331) | 2023-06-15 11:52:46 +02:00 |
| vitest.config.ts | feat: responsive sidebar (#1279) | 2023-10-02 14:42:23 +02:00 |
| vitest.setup.ts | feat: responsive sidebar (#1279) | 2023-10-02 14:42:23 +02:00 |
| yarn.lock | feat: responsive sidebar (#1279) | 2023-10-02 14:42:23 +02:00 |

This is a Next.js project bootstrapped with create-next-app.

## Getting Started

First, run the development server:

```
npm run dev
# or
yarn dev
# or
pnpm dev
```

Open http://localhost:3000 with your browser to see the result.

You can start editing the page by modifying app/page.tsx. The page auto-updates as you edit the file.

This project uses next/font to automatically optimize and load Inter, a custom Google Font.

## Learn More

To learn more about Next.js, take a look at the following resources:

You can check out the Next.js GitHub repository - your feedback and contributions are welcome!

## Deploy on Vercel

The easiest way to deploy your Next.js app is to use the Vercel Platform from the creators of Next.js.

Check out our Next.js deployment documentation for more details.