From 1ff336184188c27e0096aa13637c5e2eb858154d Mon Sep 17 00:00:00 2001
From: needForBeans
Date: Fri, 19 Apr 2024 19:00:57 +0200
Subject: [PATCH] csp fix

---
 github-oauth/deployment.yaml | 75 ++++++++++++++++++++++++++++++++++++
 github-oauth/src/index.ts | 9 ++++-
 2 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 github-oauth/deployment.yaml

diff --git a/github-oauth/deployment.yaml b/github-oauth/deployment.yaml
new file mode 100644
index 0000000..95c8c97
--- /dev/null
+++ b/github-oauth/deployment.yaml
@@ -0,0 +1,75 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cms-oauth
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cms-oauth
+ namespace: cms-oauth
+spec:
+ selector:
+ matchLabels:
+ app: cms-oauth
+ template:
+ metadata:
+ labels:
+ app: cms-oauth
+ spec:
+ containers:
+ - name: cms-oauth
+ image: ghcr.io/rickli-cloud/cms-oauth:0.0.1-pre2@sha256:7e0a1d3e5cfa1917ccba456d82173285a942121eaf607648b1f2aa7c571b3bf1 # ARM64 image
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8000
+ env:
+ - name: OAUTH_CLIENT_ID
+ value: CHANGEME
+ - name: OAUTH_CLIENT_SECRET
+ value: CHANGEME
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cms-oauth
+ namespace: cms-oauth
+spec:
+ selector:
+ app: cms-oauth
+ ports:
+ - port: 8000
+ targetPort: 8000
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: cms-oauth
+ namespace: cms-oauth
+ annotations:
+ app: cms-oauth
+ # cert-manager.io/cluster-issuer:
+spec:
+ # ingressClassName:
+ rules:
+ - host: cms-oauth.local
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: cms-oauth
+ port:
+ number: 8000
+ # tls:
+ # - secretName: cms-oauth-ingress.crt
+ # hosts:
+ # - cms-oauth.local
diff --git a/github-oauth/src/index.ts b/github-oauth/src/index.ts
index 353c10e..545fcb6 100644
--- a/github-oauth/src/index.ts
+++ b/github-oauth/src/index.ts
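Review bot: `OAUTH_CLIENT_SECRET` is set as a literal `value:` in the Deployment's `env` list of `github-oauth/deployment.yaml`, so whoever replaces `CHANGEME` ends up with the GitHub OAuth client secret stored in the manifest and readable by anyone who can read the Deployment object. Reference a Secret through `valueFrom.secretKeyRef` instead, as sketched below; the Secret name and key shown are placeholders. Separately, the Ingress leaves its `tls:` block commented out, so as written the OAuth endpoint for `cms-oauth.local` would be served over plain HTTP, and `app: cms-oauth` sits under `annotations` where a label was probably intended.

```yaml
# … unchanged: OAUTH_CLIENT_ID entry …
- name: OAUTH_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: cms-oauth-credentials   # placeholder Secret name
      key: client-secret            # placeholder key
```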
@@ -9,7 +9,14 @@ import { generateScript } from "./loginScript";
 import { AddressInfo } from "node:net";
 import { promisify } from "node:util";
 
-const applyHelmetHeaders = helmet();
+const applyHelmetHeaders = helmet({
+ contentSecurityPolicy: {
+ directives: {
+ ...helmet.contentSecurityPolicy.getDefaultDirectives(),
+ "script-src": ["'self'", "'unsafe-inline'"],
+ },
+ },
+});
 const applyHelmetHeadersAsync = promisify(applyHelmetHeaders);
 
 const errorMessage = (code: number) =>
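Review bot: Adding `'unsafe-inline'` to `script-src` allows any injected inline `<script>` to run, which gives up most of what the CSP offers against XSS on a service that handles the GitHub OAuth exchange. The policy is also applied to every response through the shared `applyHelmetHeaders`, not only to the page that needs the inline script. If the inline script is the one produced by `generateScript` (inferred from the import, not visible in this hunk), a per-response nonce emitted on that `<script>` tag and listed in the directive as `'nonce-<value>'` would keep the default policy's protection; helmet accepts a function as a directive value for this. If `'unsafe-inline'` stays, a comment such as `// 'unsafe-inline' is needed for the inline login script; replace with a nonce` above the directive would record why it is there.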