feat: Automate Firebase JSON generation with dynamic CSP integration #80

Merged
merged 1 commit into from
Dec 8, 2024

Owner

@warnyul warnyul commented Dec 8, 2024

  • New Features:

    • Added generate-firebase-json.js to dynamically inject CSP policies into firebase.json based on generated headers.
    • Created transformer-firebase.js to streamline Firebase hosting configuration with environment-aware headers.
  • Enhancements:

    • Updated CspHtmlWebpackPlugin configuration:
      • Enabled sha384 hashing for improved security.
      • Added nonce support for script-src and style-src directives.
      • Integrated custom processing function (generateFirebaseJson) for dynamic CSP handling.
    • Removed static firebase.json and automated its generation during builds.
    • Updated .gitignore to exclude firebase.json from tracking.
  • Impact:

    • Simplifies Firebase deployment workflows by removing the need for manual firebase.json updates.
    • Improves security with dynamically generated CSP headers and nonce-based policies.
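
One way to do the header injection summarized above, as an added example that is not code from this pull request: it merges a built CSP string into the `hosting.headers` array of a Firebase config, replacing any stale CSP entry, and reports directives that carry a nonce, since a nonce written into a static hosting header is the same in every response. The function names, sample policy and sample config are constructed for illustration.

```javascript
'use strict';
const CSP_KEY = 'Content-Security-Policy';

// Split "script-src 'self' 'sha384-...'; style-src ..." into { directive: [sources] }.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// List directives whose sources include a nonce fixed at build time.
function staticNonceDirectives(policy) {
  return Object.entries(parseCsp(policy))
    .filter(([, sources]) => sources.some((s) => /^'nonce-/.test(s)))
    .map(([name]) => name);
}

// Return a copy of the config with exactly one CSP header on the given source glob.
function injectCsp(firebaseConfig, policy, source = '**') {
  if (/[\r\n]/.test(policy)) throw new Error('CSP value must be a single line');
  const config = JSON.parse(JSON.stringify(firebaseConfig)); // deep copy, input untouched
  config.hosting = config.hosting || {};
  const rules = (config.hosting.headers = config.hosting.headers || []);
  let rule = rules.find((r) => r.source === source);
  if (!rule) rules.push((rule = { source, headers: [] }));
  // Drop any stale CSP (header names are case-insensitive), keep the other headers.
  rule.headers = (rule.headers || []).filter((h) => h.key.toLowerCase() !== CSP_KEY.toLowerCase());
  rule.headers.push({ key: CSP_KEY, value: policy });
  return config;
}

// Constructed sample input; the hash and nonce values are placeholders.
const samplePolicy =
  "default-src 'self'; script-src 'self' 'sha384-PLACEHOLDERHASH' 'nonce-PLACEHOLDER'; style-src 'self'";
const sampleConfig = {
  hosting: {
    public: 'dist',
    headers: [{ source: '**', headers: [
      { key: 'X-Frame-Options', value: 'DENY' },
      { key: 'content-security-policy', value: "default-src 'none'" },
    ] }],
  },
};

console.log(JSON.stringify(injectCsp(sampleConfig, samplePolicy), null, 2));
console.log('directives with a build-time nonce:', staticNonceDirectives(samplePolicy));
```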


github-actions bot commented Dec 8, 2024

Visit the preview URL for this PR (updated for commit e417097):

https://bvarga-fe600--pr80-csp-header-50dyxt57.web.app

(expires Sun, 15 Dec 2024 21:27:41 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Sign: a3b1098a9eaf0750a134a339972f1df2a3969a8d

@warnyul warnyul changed the title feat: Automate Firebase configuration and enhance CSP generation feat: Automate Firebase JSON generation with dynamic CSP integration Dec 8, 2024
@warnyul warnyul merged commit a7787e7 into main Dec 8, 2024
2 checks passed
@warnyul warnyul deleted the csp-header branch December 8, 2024 21:33