Add CSP, SRI, and auto-hash deploy pipeline

- Content Security Policy via <meta> tag (blocks exfiltration to foreign domains)
- Subresource Integrity on all static and dynamically loaded scripts
- Nginx security headers snippet (HSTS, CSP, frame-ancestors on all responses)
- Auto-minify and SRI hash update in deploy.sh (prevents stale hashes)
This commit is contained in:
Alexander Schmidt
2026-03-27 07:51:01 +01:00
parent 2a3cc5682c
commit 83e7d43a74
6 changed files with 71 additions and 7 deletions

4
app.js

@@ -614,6 +614,8 @@
if (window.jspdf) { resolve(); return; }
var script = document.createElement('script');
script.src = 'lib/jspdf.min.js';
script.integrity = 'sha384-GwHhSt8QjC7J+v0zZ0Flfho/T76YHEcCL9w4rvjTIUHauh6gWJeBSIi3vWXxNhtA';
script.crossOrigin = 'anonymous';
script.onload = function () { pdfLoaded = true; resolve(); };
script.onerror = function () { reject(new Error('Failed to load jsPDF')); };
document.head.appendChild(script);
@@ -820,6 +822,8 @@
if (window.XmrCrypto) { resolve(); return; }
const script = document.createElement('script');
script.src = 'lib/xmr-crypto.bundle.js';
script.integrity = 'sha384-ta9IpDZOod8WcA7TprKyb/TxmOSNfkG0fCjhWssiSmpft9MLXAtSO8L8YmnH3DCY';
script.crossOrigin = 'anonymous';
script.onload = resolve;
script.onerror = function () { reject(new Error('Failed to load crypto module')); };
document.head.appendChild(script);
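Review bot: The `onerror` handlers in both hunks reject with a generic "Failed to load jsPDF" / "Failed to load crypto module", which is the same outcome whether the request failed or the browser refused the script because the digest on the new `script.integrity` line no longer matches the file, so a stale hash after `lib/` is rebuilt is indistinguishable from a network error at the call site and only shows up in the browser console. Since the commit message says deploy.sh refreshes SRI hashes, these two literals in app.js presumably have to be rewritten by that same step as well; that is inferred from the description, not visible here, and worth confirming. Both hunks also repeat the same create-element / src / integrity / crossOrigin / onload / onerror / appendChild sequence (one with `var`, one with `const`), so a single helper taking the src and the expected digest and returning a promise would keep the two loaders in sync and give the rejection a message that names the digest; the enclosing promise executors start outside the hunks, so the call sites below are sketched, not quoted.
```javascript
// Load a script once under SRI. The rejection names the src and the expected
// digest so a hash that drifted from the deployed file is diagnosable from the
// caller, not only from the browser console.
function loadScriptWithIntegrity(src, integrity) {
  return new Promise(function (resolve, reject) {
    const script = document.createElement('script');
    script.src = src;
    script.integrity = integrity;
    script.crossOrigin = 'anonymous';
    script.onload = function () { resolve(); };
    script.onerror = function () {
      reject(new Error(`Failed to load ${src} (network error or integrity mismatch for ${integrity})`));
    };
    document.head.appendChild(script);
  });
}
// … unchanged: existing window.jspdf / window.XmrCrypto early-return checks …
// call sites replace the duplicated blocks, e.g.:
// loadScriptWithIntegrity('lib/jspdf.min.js', 'sha384-GwHhSt8QjC7J+v0zZ0Flfho/T76YHEcCL9w4rvjTIUHauh6gWJeBSIi3vWXxNhtA')
//   .then(function () { pdfLoaded = true; resolve(); }, reject);
```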