CSP policy changed

public/index.html

@@ -7,16 +7,17 @@
   <meta name="theme-color" content="#000000">
   <meta name="Description" content="MobiledgeX Console">
   <meta http-equiv="Content-Security-Policy" content="
-      default-src 'self' 'unsafe-inline' https://cartodb-basemaps-c.global.ssl.fastly.net; 
-      style-src 'self' 'unsafe-inline'; 
-      font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://cdnjs.cloudflare.com data: blob;
-      style-src-elem 'self' 'unsafe-inline' https://unpkg.com/[email protected]/dist/leaflet.css https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css https://fonts.googleapis.com/icon;
-      script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com;
-      img-src * data: blob;
-      object-src 'self' data: blob;
-      connect-src *">
+    default-src 'self';
+    style-src 'self'  'unsafe-inline' ;
+    style-src-elem 'self'  'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css;
+    font-src 'self' https://fonts.gstatic.com data:;
+    img-src 'self' data: blob https://*.basemaps.cartocdn.com;
+    script-src 'self' 'nonce-fe5c41401df28f2961b186867a0bf92a' https://cdnjs.cloudflare.com/ajax/libs/zxcvbn/4.4.2/zxcvbn.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js;
+    connect-src 'self' https://ipv4.icanhazip.com https://www.google-analytics.com wss://*.mobiledgex.net;
+    frame-src 'self' https://www.google.com/">
 
-  <script>
+
+  <script nonce="fe5c41401df28f2961b186867a0bf92a">
     try {
       let gaId = JSON.parse(atob("%REACT_APP_GA_MEASUREMENT_ID%"))[window.location.hostname]
       if (gaId) {
@@ -41,12 +42,10 @@
   <!--cache disable end-->
   <link rel="manifest" href="%PUBLIC_URL%/manifest.json">
   <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico">
-  <link rel="preload" href="https://fonts.googleapis.com/icon?family=Material+Icons|Material+Icons+Outlined" as="style"
-    onload="this.rel='stylesheet'" />
-  <link rel="preload" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css" as="style"
-    onload="this.rel='stylesheet'" />
-  <link rel="preload" href="https://fonts.googleapis.com/css?family=Inconsolata&display=swap" as="style"
-    onload="this.rel='stylesheet'" />
+  <link rel='stylesheet' href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css" as='style' />
+  <link rel='stylesheet' href="https://fonts.googleapis.com/icon?family=Material+Icons|Material+Icons+Outlined"
+    as='style' />
+  <link rel='stylesheet' href="https://fonts.googleapis.com/css?family=Inconsolata&display=swap" as='style' />
   <title>MobiledgeX Console</title>
 </head>
 

src/helper/constant/shared.js

@@ -2,4 +2,9 @@ import { perpetual } from "."
 
 export const isPathOrg = (self)=>{
     return self.props.history.location.pathname.includes(perpetual.PAGE_ORGANIZATIONS.toLowerCase())
+}
+
+export const tokenRequired = ()=>{
+    const list = ['localhost', 'kubernetes.docker.internal']
+    return list.includes(window.location.hostname)
 }

src/hoc/mexmap/MexMap.js

@@ -101,7 +101,7 @@ class MexMap extends React.Component {
                     maxBounds={[[-90.0, -180.0], [90.0, 180.0]]}>
                     <TileLayer
                         style={{ width: '100%', height: '100%', zIndex: 1 }}
-                        url={'https://cartodb-basemaps-{s}.global.ssl.fastly.net/dark_all/{z}/{x}/{y}.png'}
+                        url={'https://{s}.basemaps.cartocdn.com/dark_all/{z}/{x}/{y}.png'}
                         zoom={2}
                         style={{ zIndex: 1 }}
                     />

src/hoc/stepper/mexMessageStream.js

@@ -96,7 +96,7 @@ class VerticalStepper extends React.Component {
                         if (steps.length >= 1 && steps[0].code === 200) {
                             if (lastStep.code === 200) {
                                 item.steps.push({ code: CODE_FINISH })
-                                this.props.dataFromServer(request)
+                                this.props.generateRequestData(request)
                             }
                         }
                         if (lastStep.code === 200) {

src/pages/landing/login/Login.js

@@ -6,6 +6,7 @@ import MexOTPValidation from './MexOTPValidation';
 import LoginForm from './LoginForm'
 import { withRouter } from 'react-router-dom';
 import { perpetual } from '../../../helper/constant';
+import { tokenRequired } from '../../../helper/constant/shared';
 class Login extends Component {
     constructor(props) {
         super(props);
@@ -22,7 +23,7 @@ class Login extends Component {
 
     loadMainPage = (data) => {
         if (data && data.token) {
-            if (window.location.hostname === 'localhost') {
+            if (tokenRequired()) {
                 localStorage.setItem(perpetual.LS_THASH, data.token)
             }
             else

src/services/service.js

@@ -4,6 +4,7 @@ import { formatData } from "./format";
 import { isBoolean } from "../utils/boolean_utils";
 import { WS_TOKEN } from "../helper/constant/endpoint";
 import { LS_THASH } from "../helper/constant/perpetual";
+import { tokenRequired } from "../helper/constant/shared";
 
 const formatter = (request, response, format = true, self) => {
     format = isBoolean(request.format) ? request.format : format
@@ -64,7 +65,7 @@ export const fetchWSToken = async (self) => {
  * @returns
  */
 export const fetchToken = (self) => {
-    if (window.location.hostname === 'localhost') {
+    if (tokenRequired()) {
         let token = localStorage.getItem(LS_THASH)
         if (token) {
             return token