#00000 Improving Score of CSP for VAPT Issue
ajinkyapandetekdi committed Feb 28, 2025
1 parent 55d4685 commit 71b7745
Showing 3 changed files with 33 additions and 31 deletions.
29 changes: 15 additions & 14 deletions public/index.html
Expand Up @@ -27,20 +27,21 @@
<title>EkStep</title>

<!-- Content Security Policy -->
<meta http-equiv="Content-Security-Policy" content="
default-src 'self';
script-src 'self' https://cdn.jsdelivr.net/npm/[email protected]/dist/confetti.browser.min.js 'unsafe-eval';
style-src 'self' https://fonts.googleapis.com https://fonts.cdnfonts.com 'unsafe-inline';
object-src 'none';
base-uri 'self';
connect-src 'self' *.theall.ai https://all-prod-content-service.s3.ap-south-1.amazonaws.com blob:;
font-src 'self' https://fonts.googleapis.com https://fonts.cdnfonts.com https://fonts.gstatic.com;
frame-src 'self';
img-src 'self' https://images.squarespace-cdn.com https://all-prod-content-service.s3.ap-south-1.amazonaws.com https://s3.ap-south-1.amazonaws.com data: blob: https://raw.githubusercontent.com;
manifest-src 'self';
media-src 'self' blob: https://all-prod-content-service.s3.ap-south-1.amazonaws.com;
worker-src 'self' blob: https://d114esnbvw5tst.cloudfront.net;
" />
<meta http-equiv="Content-Security-Policy" content="
default-src 'self';
script-src 'self' https://cdn.jsdelivr.net/npm/[email protected]/dist/confetti.browser.min.js 'unsafe-eval';
style-src 'self' https://fonts.googleapis.com https://fonts.cdnfonts.com 'unsafe-inline';
object-src 'none';
base-uri 'self';
connect-src 'self' *.theall.ai https://all-prod-content-service.s3.ap-south-1.amazonaws.com blob:;
font-src 'self' https://fonts.googleapis.com https://fonts.cdnfonts.com https://fonts.gstatic.com;
frame-src 'self';
img-src 'self' https://images.squarespace-cdn.com https://all-prod-content-service.s3.ap-south-1.amazonaws.com https://s3.ap-south-1.amazonaws.com data: blob: https://raw.githubusercontent.com/;
manifest-src 'self';
media-src 'self' blob: https://all-prod-content-service.s3.ap-south-1.amazonaws.com;
worker-src 'self' blob: https://d114esnbvw5tst.cloudfront.net;
" />


</head>
<body>
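Review bot: The policy on the new side still carries `'unsafe-eval'` in `script-src` and `'unsafe-inline'` in `style-src`, which are the entries a CSP scan usually scores down; the only textual difference visible between the old and new block is the trailing slash on `https://raw.githubusercontent.com/` in `img-src` (the other changed lines appear to be whitespace, which this rendering does not show). A path of `/` matches every path on that host, so the slash does not narrow anything. Because this commit switches the MainLayout.jsx images to bundled assets, that origin can probably be dropped from `img-src` altogether if no other component still loads from it, and `'unsafe-eval'` should be removed if the production bundle runs without it. Note also that directives such as `frame-ancestors` and `report-uri` are ignored in a `<meta>` policy, so framing restrictions for this embedded app have to come from a response header.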
18 changes: 7 additions & 11 deletions src/components/Layouts.jsx/MainLayout.jsx
Expand Up @@ -795,7 +795,7 @@ const MainLayout = (props) => {
>
<Stack justifyContent="center" alignItems="center">
<img
src={`https://raw.githubusercontent.com/Sunbird-ALL/all-learner-ai-app/refs/heads/all-1.3/src/assets/images/gameLost.svg`}
src={gameLost}
alt="gameLost"
style={{ height: 340 }}
/>
Expand Down Expand Up @@ -923,13 +923,10 @@ const MainLayout = (props) => {
</Box>

{elem?.correctAnswer === false ? (
<img
src="https://raw.githubusercontent.com/Sunbird-ALL/all-learner-ai-app/refs/heads/all-1.2-tn-dev/src/assets/wrong.svg"
alt="wrongImage"
/>
<img src={wrongImage} alt="wrongImage" />
) : (
<img
src="https://raw.githubusercontent.com/Sunbird-ALL/all-learner-ai-app/refs/heads/all-1.2-tn-dev/src/assets/correct.svg"
src={correctImage}
alt="correctImage"
/>
)}
Expand All @@ -944,7 +941,9 @@ const MainLayout = (props) => {
minWidth: "100px",
}}
>
{elem.selectedAnswer || "Binocular"}
{elem?.correctOption?.length > 0
? elem.correctOption
: elem.selectedAnswer || "Binocular"}
</span>
</Stack>
))}
Expand All @@ -962,10 +961,7 @@ const MainLayout = (props) => {
justifyContent={"center"}
alignItems={"center"}
>
<img
src="https://raw.githubusercontent.com/Sunbird-ALL/all-learner-ai-app/refs/heads/all-1.2-tn-dev/src/assets/turtle.svg"
alt="turtleImage"
/>
<img src={turtleImage} alt="turtleImage" />
<span
style={{
marginTop: "12px",
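Review bot: The new `src={gameLost}`, `src={wrongImage}`, `src={correctImage}` and `src={turtleImage}` references rely on bindings that none of the visible hunks declare, and the section's 7 additions are all accounted for by the JSX lines shown, so the imports must already exist elsewhere in MainLayout.jsx; this is worth confirming, since a missing one would throw at render time. Assuming they do, serving these images from the bundle removes the dependency on mutable branch refs at raw.githubusercontent.com, which is what allows `img-src` to be tightened. In the hunk at new line 941 the mixed conditional would read more safely as `: (elem.selectedAnswer || "Binocular")`, and the hard-coded "Binocular" fallback looks like placeholder text that would be displayed as if it were a learner's answer. MainLayout's body starts and ends outside these hunks.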
17 changes: 11 additions & 6 deletions src/views/Practice/Practice.jsx
Expand Up @@ -137,7 +137,8 @@ const Practice = () => {
{
score: score,
message: "all-test-rig-score",
}, window?.location?.ancestorOrigins?.[0] || window.parent.location.origin
},
window?.location?.ancestorOrigins?.[0] || window.parent.location.origin
);
}
};
Expand Down Expand Up @@ -419,10 +420,8 @@ const Practice = () => {
});
}

let userState = Number.isInteger(
Number(resLessons?.result?.result?.lesson)
)
? Number(resLessons.result?.result?.lesson)
let userState = Number.isInteger(Number(resLessons?.result?.lesson))
? Number(resLessons.result?.lesson)
: 0;

// TODO: revisit this - looks like not required
Expand Down Expand Up @@ -713,11 +712,17 @@ const Practice = () => {
"mechanic_1")
? 500
: stringLengths[0];
window.parent.postMessage({ type: "stringLengths", length }, window?.location?.ancestorOrigins?.[0] || window.parent.location.origin);
window.parent.postMessage(
{ type: "stringLengths", length },
window?.location?.ancestorOrigins?.[0] ||
window.parent.location.origin
);
}
}
}, [questions[currentQuestion]]);

console.log(mechanism);

const renderMechanics = () => {
if (!mechanism) {
return (
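Review bot: Both `window.parent.postMessage(...)` calls take their target origin from `window?.location?.ancestorOrigins?.[0] || window.parent.location.origin`, i.e. from whichever page embeds the app, so the argument does not restrict who receives the score and string-length messages. `ancestorOrigins` is not implemented in every browser, and the fallback read of `window.parent.location.origin` throws a SecurityError when the parent is cross-origin. Consider checking the parent origin against a configured allowlist before posting, for example `const parentOrigin = window.location.ancestorOrigins?.[0];` followed by `if (ALLOWED_PARENT_ORIGINS.includes(parentOrigin)) window.parent.postMessage({ type: "stringLengths", length }, parentOrigin);`, where `ALLOWED_PARENT_ORIGINS` is a placeholder for that list. The added `console.log(mechanism);` sits in the component body, runs on every render and looks like leftover debugging; it should be removed. Practice's body starts and ends outside these hunks.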
