enso/app/gui/index.html

60 lines
2.4 KiB
HTML

<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link
rel="stylesheet"
type="text/css"
crossorigin
href="https://api.mapbox.com/mapbox-gl-js/v2.1.1/mapbox-gl.css"
/>
<!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -->
<!-- FIXME https://github.com/validator/validator/issues/917 -->
<!-- FIXME Security Vulnerabilities: https://github.com/enso-org/ide/issues/226 -->
<!-- NOTE `frame-src` section of `http-equiv` required only for authorization -->
<!-- NOTE [NP]: https://stripe.com/docs/security/guide#content-security-policy for Stripe.js -->
<meta
http-equiv="Content-Security-Policy"
content="
default-src 'self';
frame-src 'self' data: https://js.stripe.com;
script-src 'self' 'unsafe-eval' data: https://*;
script-src-elem 'self' 'unsafe-inline' https://*;
style-src 'self' 'unsafe-inline' data: https://*;
connect-src 'self' data: ws://localhost:* ws://127.0.0.1:* http://localhost:* https://* wss://*;
worker-src 'self' blob:;
img-src 'self' blob: enso: data: https://*;
font-src 'self' data: https://*"
/>
<meta
name="viewport"
content="
width=device-width,
initial-scale = 1.0,
maximum-scale = 1.0,
user-scalable = no"
/>
<title>Enso %ENSO_IDE_VERSION%</title>
<script type="module">
import { platform } from '../common/src/detect.ts'
const currentPlatform = platform()
document.documentElement.setAttribute('data-version', '%ENSO_IDE_VERSION%')
document.documentElement.classList.add(currentPlatform.toLowerCase())
</script>
</head>
<body>
<div id="enso-spotlight" class="enso-spotlight"></div>
<div id="enso-dashboard" class="enso-dashboard"></div>
<div id="enso-chat" class="enso-chat"></div>
<div id="enso-portal-root" class="enso-portal-root"></div>
<script type="module" src="/src/entrypoint.ts"></script>
<noscript> This page requires JavaScript to run. Please enable it in your browser. </noscript>
</body>
</html>