author | Martin Fischer <martin@push-f.com> | 2021-07-03 11:15:02 +0200 |
---|---|---|
committer | Martin Fischer <martin@push-f.com> | 2021-07-03 11:15:47 +0200 |
commit | f50225041545ecf71ead3e493203f16f4b5f24c0 (patch) | |
tree | 8effab0e07fa44314f4b300f4fe388d515f629c3 /src/main.rs | |
parent | d43543440e5d3f0e93ed1cf197601d778541c3ae (diff) |
allow renderers to mutate Page (and frame-src CSP)
Diffstat (limited to 'src/main.rs')
-rw-r--r-- | src/main.rs | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/src/main.rs b/src/main.rs
index 4d0c1b3..a5b7ce0 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -215,6 +215,7 @@ async fn service<C: Controller>(
 let (mut parts, body) = request.into_parts();
 let mut script_csp = "'none'".into();
+ let mut frame_csp = "'none'".into();
 let mut resp = build_response(args, &*controller, &mut parts, body)
 .await
@@ -224,6 +225,9 @@ async fn service<C: Controller>(
 if !page.script_src.is_empty() {
 script_csp = page.script_src.join(" ");
 }
+ if let Some(src) = page.frame_src {
+ frame_csp = src;
+ }
 Builder::new()
 .content_type(mime::TEXT_HTML)
 .body(render_page(&page, &*controller, &parts).into())
@@ -264,7 +268,8 @@ async fn service<C: Controller>(
 resp.headers_mut().insert(
 header::CONTENT_SECURITY_POLICY,
 format!(
- "default-src 'self'; frame-src 'none'; script-src {}; style-src {}",
+ "default-src 'self'; frame-src {}; script-src {}; style-src {}",
+ frame_csp,
 script_csp,
 include_str!("static/style.css.sha"),
 )
@@ -283,6 +288,9 @@ pub struct Page {
 scripts: Vec<&'static str>,
 /// for the Content Security Policy
 script_src: Vec<&'static str>,
+
+ /// for the Content Security Policy
+ frame_src: Option<&'static str>,
 }
 fn render_page<C: Controller>(page: &Page, controller: &C, parts: &Parts) -> String {
@@ -518,16 +526,14 @@ impl Context {
 }
 }
-fn render_markdown(input: &str) -> String {
+fn render_markdown(input: &str, page: &mut Page) {
 let parser = Parser::new_ext(input, Options::all());
- let mut out = String::new();
- out.push_str("<div class=markdown-output>");
- html::push_html(&mut out, parser);
- out.push_str("</div>");
- out
+ page.body.push_str("<div class=markdown-output>");
+ html::push_html(&mut page.body, parser);
+ page.body.push_str("</div>");
 }
-fn get_renderer(path: &Path) -> Option<fn(&str) -> String> {
+fn get_renderer(path: &Path) -> Option<fn(&str, &mut Page)> {
 match path.extension().map(|e| e.to_str().unwrap()) {
 Some("md") => Some(render_markdown),
 _ => None, |
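Review bot: The `.into()` on the new `frame_csp` binding in the first `service` hunk (-215) is copied from `script_csp` but converts nothing here. `script_csp` is later assigned a `String` from `join(" ")`, whereas `frame_csp` is only ever assigned `src` from an `Option<&'static str>` in the visible hunks, so its type is inferred as `&'static str`. Spelling that out reads better and avoids the look-alike: `let mut frame_csp: &'static str = "'none'";`. The body of `service` starts and ends outside the hunk, so another assignment could change this.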
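Review bot: Nothing checks the renderer-supplied source between `frame_csp = src;` in the second `service` hunk (-224) and the `format!` in the third (-264), which writes it into the header verbatim. A value containing `;` would end the `frame-src` directive and start another one, and a `,` would start a second policy. The value is a `&'static str`, so this can only come from a coding mistake in a renderer and not from request data, but a guard at the assignment is cheap: `debug_assert!(!src.contains(|c| c == ';' || c == ','));`. The enclosing `insert(...)` call continues past the end of the hunk.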
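Review bot: The doc comment on the new `frame_src` field in the `Page` hunk (-283) repeats "for the Content Security Policy" without saying what the string may contain or what `None` means. Going by the `service` hunks, `None` keeps `frame-src 'none'` and `Some(src)` is inserted into the directive unchanged, so I would write `/// Source list for the CSP frame-src directive, inserted verbatim (no ';' or ','); None keeps 'none'.`. The field is also shaped differently from `script_src`, a `Vec` joined with spaces. With an `Option`, a second writer replaces the earlier value instead of adding to it, which may be intended but should be stated in the comment.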
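Review bot: In the last hunk (-518), `render_markdown` and the `fn(&str, &mut Page)` type returned by `get_renderer` give every renderer mutable access to the whole `Page`, including `scripts` and `script_src`, and neither function documents what a renderer is expected to touch. A doc comment such as `/// Appends the rendered HTML to page.body; a renderer may set page.frame_src and should not modify script_src.` would record the contract; returning the body plus an optional frame source would enforce it. Also, `html::push_html` writes straight into `page.body`, and if this is pulldown-cmark it passes raw HTML from the input through unchanged. A renderer that sets `frame_src` would therefore also permit any `<iframe>` in that input that points at the allowed source, so allowed sources should stay as narrow as possible. The body of `get_renderer` continues past the end of the hunk.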