chore: SECFIND-505 disallow raw access (#199)

altkdf · web-flow · commit e8d055c8d44d · 2025-07-22T16:54:56.000+02:00
To follow the best security practices, this PR disallows access to the frontends of the examples in this repo without checking the certificate. See https://internetcomputer.org/docs/building-apps/frontends/asset-security for further information.
diff --git a/examples/basic_bls_signing/frontend/public/.ic-assets.json5 b/examples/basic_bls_signing/frontend/public/.ic-assets.json5
@@ -5,5 +5,6 @@
     headers: {
       "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self';object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
     },
+    allow_raw_access: false
   },
 ]
diff --git a/examples/basic_ibe/frontend/public/.ic-assets.json5 b/examples/basic_ibe/frontend/public/.ic-assets.json5
@@ -5,5 +5,6 @@
         headers: {
             "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self';object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
         },
+        allow_raw_access: false
     },
 ]
diff --git a/examples/basic_timelock_ibe/frontend/public/.ic-assets.json5 b/examples/basic_timelock_ibe/frontend/public/.ic-assets.json5
@@ -5,5 +5,6 @@
         headers: {
             "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self';object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
         },
+        allow_raw_access: false
     },
 ]
diff --git a/examples/encrypted_notes_dapp_vetkd/frontend/public/.ic-assets.json5 b/examples/encrypted_notes_dapp_vetkd/frontend/public/.ic-assets.json5
@@ -5,5 +5,6 @@
     headers: {
       "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self';style-src * 'unsafe-inline';object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
     },
+    allow_raw_access: false
   },
 ]
diff --git a/examples/password_manager/frontend/public/.ic-assets.json5 b/examples/password_manager/frontend/public/.ic-assets.json5
@@ -5,5 +5,6 @@
         headers: {
             "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self' data:;style-src * 'unsafe-inline';object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
         },
+        allow_raw_access: false
     },
 ]
diff --git a/examples/password_manager_with_metadata/frontend/public/.ic-assets.json5 b/examples/password_manager_with_metadata/frontend/public/.ic-assets.json5
@@ -5,5 +5,6 @@
         headers: {
             "Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self' data:;style-src * 'unsafe-inline';object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",
         },
+        allow_raw_access: false
     },
 ]

Original file line number	Diff line number	Diff line change
`@@ -5,5 +5,6 @@`
`5`	`5`	`headers: {`
`6`	`6`	`"Content-Security-Policy": "default-src 'self';script-src 'self';connect-src 'self' http://localhost:* https://icp0.io https://*.icp0.io https://icp-api.io;img-src 'self';object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self';upgrade-insecure-requests;",`
`7`	`7`	`},`
	`8`	`+ allow_raw_access: false`
`8`	`9`	`},`
`9`	`10`	`]`