From f690e8cb7a820b0685b98f83a6761cfc169487e4 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Thu, 13 Jun 2024 20:51:49 +0200
Subject: hash style elements during build step

---
 internal/server/server.go | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

(limited to 'internal/server/server.go')

diff --git a/internal/server/server.go b/internal/server/server.go
index 77905f8..d2939ca 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -39,7 +39,6 @@ type Server struct {
 }
 
 func applyDevModeOverrides(config *cfg.Config, listenAddress string) {
-	config.CSP.StyleSrc = slices.Insert(config.CSP.StyleSrc, 0, "'unsafe-inline'")
 	config.CSP.ScriptSrc = slices.Insert(config.CSP.ScriptSrc, 0, "'unsafe-inline'")
 	config.CSP.ConnectSrc = slices.Insert(config.CSP.ConnectSrc, 0, "'self'")
 	config.BaseURL = cfg.URL{
@@ -50,6 +49,13 @@ func applyDevModeOverrides(config *cfg.Config, listenAddress string) {
 	}
 }
 
+func updateCSPHashes(config *cfg.Config, r *builder.Result) {
+	clear(config.CSP.StyleSrc)
+	for i, h := range r.Hashes {
+		config.CSP.StyleSrc[i] = fmt.Sprintf("'%s'", h)
+	}
+}
+
 func serverHeaderHandler(wrappedHandler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if r.ProtoMajor >= 2 && r.Header.Get("Host") != "" {
@@ -81,7 +87,11 @@ func New(runtimeConfig *Config) (*Server, error) {
 			BaseURL:     config.BaseURL,
 			Development: true,
 		}
-		builder.BuildSite(builderConfig)
+		r, err := builder.BuildSite(builderConfig)
+		if err != nil {
+			return nil, errors.WithMessage(err, "could not build site")
+		}
+		updateCSPHashes(config, r)
 
 		liveReload := livereload.New()
 		top.Handle("/_/reload", liveReload)
@@ -102,7 +112,11 @@ func New(runtimeConfig *Config) (*Server, error) {
 		}
 		go fw.Start(func(filename string) {
 			log.Debug("file updated", "filename", filename)
-			builder.BuildSite(builderConfig)
+			r, err := builder.BuildSite(builderConfig)
+			if err != nil {
+				log.Error("could not build site", "error", err)
+			}
+			updateCSPHashes(config, r)
 			liveReload.Reload()
 		})
 	}
-- 
cgit 1.4.1