From 0f2f981e3218a57f89995aa6cb6b684b2ec0ba8f Mon Sep 17 00:00:00 2001
From: Ed Tanous
Date: Wed, 19 Dec 2018 17:59:28 -0800
Subject: Enable strict content security policy

Webpack allows us to define a content security policy that utilizes hashes to define what is, and isn't allowed to execute in the page context. Because we're a single page application, this means that we can effectively defend the whole page with a few extra lines of setup. This does not utilitize _any_ of the unsafe-* calls that content security policy has, which should meet security standards for all uses.

Tested By: Launched GUI, observed no functional changes, and watched console for CSP errors. Saw none.

Change-Id: I892df1f1b004384943be0ae6e51046054991fd45
Signed-off-by: Ed Tanous
---
 package.json | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
(limited to 'package.json')

diff --git a/package.json b/package.json
index 2216e73..c4ed8e5 100644
--- a/package.json
+++ b/package.json
@@ -51,28 +51,29 @@
 "babel-loader": "8.0.2",
 "compression-webpack-plugin": "2.0.0",
 "copy-webpack-plugin": "4.5.2",
+ "csp-html-webpack-plugin": "^2.5.0",
 "css-loader": "1.0.0",
 "eslint-plugin-angular": "3.3.0",
 "event-stream": "3.3.4",
 "file-loader": "2.0.0",
+ "filter-chunk-webpack-plugin": "^2.1.0",
 "html-loader": "^0.5.5",
 "html-minifier": "^3.5.20",
+ "html-webpack-inline-source-plugin": "0.0.10",
 "html-webpack-plugin": "^3.2.0",
+ "ignore-assets-webpack-plugin": "^2.0.1",
+ "mini-css-extract-plugin": "^0.4.2",
 "node-sass": "^4.9.3",
 "null-loader": "^0.1.1",
 "raw-loader": "^0.5.1",
 "rimraf": "^2.5.1",
 "sass-loader": "^7.1.0",
 "style-loader": "^0.23.0",
+ "svg-inline-loader": "^0.8.0",
 "uglifyjs-webpack-plugin": "^1.3.0",
 "webpack": "^4.17.2",
- "webpack-dev-server": "^3.1.7",
- "html-webpack-inline-source-plugin": "0.0.10",
- "ignore-assets-webpack-plugin": "^2.0.1",
- "filter-chunk-webpack-plugin": "^2.1.0",
- "mini-css-extract-plugin": "^0.4.2",
- "svg-inline-loader": "^0.8.0",
- "webpack-cli": "^3.1.0"
+ "webpack-cli": "^3.1.0",
+ "webpack-dev-server": "^3.1.7"
 },
 "license": "MIT",
 "engines": {
-- cgit v1.2.1
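Review bot: The new `"csp-html-webpack-plugin": "^2.5.0"` is added with a floating caret range even though this same block pins several build plugins exactly (`"8.0.2"`, `"0.0.10"`), and this plugin is the one that computes the hashes the strict policy enforces, so a later minor release could change the emitted policy with no diff in this file. Pinning it, `"csp-html-webpack-plugin": "2.5.0",`, keeps the generated policy reproducible; the diffstat lists package.json alone, so it is unclear from here whether a lockfile was updated alongside, though the cgit view is limited to package.json and other files in the commit may simply be filtered out. The webpack configuration that wires the plugin and the hash-based policy is not visible in this view, so the description's claim that no unsafe-* sources are used cannot be checked here. The enclosing dependencies object opens before this hunk and is not shown.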