<%=intl._t("I2P Bandwidth Configuration")%>
diff --git a/apps/routerconsole/jsp/configadvanced.jsp b/apps/routerconsole/jsp/configadvanced.jsp index 16c28c565..0ebf056ab 100644 --- a/apps/routerconsole/jsp/configadvanced.jsp +++ b/apps/routerconsole/jsp/configadvanced.jsp @@ -2,16 +2,12 @@ <%@page trimDirectiveWhitespaces="true"%> <%@page pageEncoding="UTF-8"%> - <%@include file="css.jsi" %> <%=intl.title("config advanced")%> - <%@include file="summaryajax.jsi" %> - - + <%@include file="summary.jsi" %> -<%=intl._t("I2P Router Family Configuration")%>
diff --git a/apps/routerconsole/jsp/confighome.jsp b/apps/routerconsole/jsp/confighome.jsp index a621e307d..9b91ba5d6 100644 --- a/apps/routerconsole/jsp/confighome.jsp +++ b/apps/routerconsole/jsp/confighome.jsp @@ -1,7 +1,6 @@ <%@page contentType="text/html"%> <%@page pageEncoding="UTF-8"%> - <%@include file="css.jsi" %> <%=intl.title("config home")%> @@ -12,10 +11,8 @@ input.default { visibility: hidden; } - <%@include file="summaryajax.jsi" %> - - + <%@include file="summary.jsi" %><%=intl._t("I2P Home Page Configuration")%>
diff --git a/apps/routerconsole/jsp/configi2cp.jsp b/apps/routerconsole/jsp/configi2cp.jsp
index 29eba95fb..cab3dfa0f 100644
--- a/apps/routerconsole/jsp/configi2cp.jsp
+++ b/apps/routerconsole/jsp/configi2cp.jsp
@@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("config clients")%>
@@ -11,12 +10,9 @@ button span.hide{
}
input.default { width: 1px; height: 1px; visibility: hidden; }
-
<%@include file="summaryajax.jsi" %>
-
-
+
<%@include file="summary.jsi" %>
-
" />
diff --git a/apps/routerconsole/jsp/configkeyring.jsp b/apps/routerconsole/jsp/configkeyring.jsp
index 903c3acf2..b80007781 100644
--- a/apps/routerconsole/jsp/configkeyring.jsp
+++ b/apps/routerconsole/jsp/configkeyring.jsp
@@ -1,14 +1,11 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("config keyring")%>
-
<%@include file="summaryajax.jsi" %>
-
-
+
<%@include file="summary.jsi" %>
<%=intl._t("I2P Keyring Configuration")%>
diff --git a/apps/routerconsole/jsp/configlogging.jsp b/apps/routerconsole/jsp/configlogging.jsp
index c374032d2..906abb6fb 100644
--- a/apps/routerconsole/jsp/configlogging.jsp
+++ b/apps/routerconsole/jsp/configlogging.jsp
@@ -2,16 +2,13 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("config logging")%>
-
<%@include file="summaryajax.jsi" %>
-
+
<%=intl._t("I2P Logging Configuration")%>
diff --git a/apps/routerconsole/jsp/confignet.jsp b/apps/routerconsole/jsp/confignet.jsp
index 003eb63c3..2c93d86f0 100644
--- a/apps/routerconsole/jsp/confignet.jsp
+++ b/apps/routerconsole/jsp/confignet.jsp
@@ -1,16 +1,12 @@
<%@page contentType="text/html" %>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("config networking")%>
-
<%@include file="summaryajax.jsi" %>
-
-
+
<%@include file="summary.jsi" %>
-
<%=intl._t("I2P Network Configuration")%>
diff --git a/apps/routerconsole/jsp/configpeer.jsp b/apps/routerconsole/jsp/configpeer.jsp index b433027e2..a222c005e 100644 --- a/apps/routerconsole/jsp/configpeer.jsp +++ b/apps/routerconsole/jsp/configpeer.jsp @@ -4,9 +4,8 @@ <%@include file="css.jsi" %> <%=intl.title("config peers")%> - <%@include file="summaryajax.jsi" %> - + <%@include file="summary.jsi" %><%=intl._t("I2P Peer Configuration")%>
diff --git a/apps/routerconsole/jsp/configplugins.jsp b/apps/routerconsole/jsp/configplugins.jsp
index 27adbd632..c6bb9ca50 100644
--- a/apps/routerconsole/jsp/configplugins.jsp
+++ b/apps/routerconsole/jsp/configplugins.jsp
@@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("config plugins")%>
@@ -11,12 +10,9 @@ button span.hide{
}
input.default { width: 1px; height: 1px; visibility: hidden; }
-
<%@include file="summaryajax.jsi" %>
-
-
+
<%@include file="summary.jsi" %>
-
" />
diff --git a/apps/routerconsole/jsp/configreseed.jsp b/apps/routerconsole/jsp/configreseed.jsp
index 728d3862b..e75301ab5 100644
--- a/apps/routerconsole/jsp/configreseed.jsp
+++ b/apps/routerconsole/jsp/configreseed.jsp
@@ -1,16 +1,12 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("config reseeding")%>
-
<%@include file="summaryajax.jsi" %>
-
-
+
<%@include file="summary.jsi" %>
-
<%=intl._t("I2P Reseeding Configuration")%>
diff --git a/apps/routerconsole/jsp/configservice.jsp b/apps/routerconsole/jsp/configservice.jsp index eeccee022..940635a6b 100644 --- a/apps/routerconsole/jsp/configservice.jsp +++ b/apps/routerconsole/jsp/configservice.jsp @@ -1,14 +1,11 @@ <%@page contentType="text/html"%> <%@page pageEncoding="UTF-8"%> - <%@include file="css.jsi" %> <%=intl.title("config service")%> - <%@include file="summaryajax.jsi" %> - - + <%@include file="summary.jsi" %><%=intl._t("I2P Service Configuration")%>
diff --git a/apps/routerconsole/jsp/configsidebar.jsp b/apps/routerconsole/jsp/configsidebar.jsp
index ea071841b..ff2d01699 100644
--- a/apps/routerconsole/jsp/configsidebar.jsp
+++ b/apps/routerconsole/jsp/configsidebar.jsp
@@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("config sidebar")%>
@@ -12,10 +11,8 @@ input.default {
visibility: hidden;
}
-
<%@include file="summaryajax.jsi" %>
-
-
+
<%@include file="summary.jsi" %>
<%=intl._t("I2P Sidebar Configuration")%>
diff --git a/apps/routerconsole/jsp/configstats.jsp b/apps/routerconsole/jsp/configstats.jsp
index dc65311d0..7dd5bfc21 100644
--- a/apps/routerconsole/jsp/configstats.jsp
+++ b/apps/routerconsole/jsp/configstats.jsp
@@ -2,14 +2,13 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
+<%@include file="csp-unsafe.jsi" %>
<%=intl.title("config stats")%>
-
<%@include file="summaryajax.jsi" %>
-
<%@include file="summaryajax.jsi" %>
-
-
+
<%@include file="summary.jsi" %>
-
<%=intl._t("I2P Tunnel Configuration")%>
diff --git a/apps/routerconsole/jsp/configui.jsp b/apps/routerconsole/jsp/configui.jsp index 3f8b3a6e8..6caccc6d0 100644 --- a/apps/routerconsole/jsp/configui.jsp +++ b/apps/routerconsole/jsp/configui.jsp @@ -2,7 +2,6 @@ <%@page trimDirectiveWhitespaces="true"%> <%@page pageEncoding="UTF-8"%> - <%@include file="css.jsi" %> <%=intl.title("config UI")%> @@ -13,12 +12,9 @@ input.default { visibility: hidden; } - <%@include file="summaryajax.jsi" %> - - + <%@include file="summary.jsi" %> -<%=intl._t("I2P Update Configuration")%>
diff --git a/apps/routerconsole/jsp/configwebapps.jsp b/apps/routerconsole/jsp/configwebapps.jsp
index 2b563283c..f379a12c6 100644
--- a/apps/routerconsole/jsp/configwebapps.jsp
+++ b/apps/routerconsole/jsp/configwebapps.jsp
@@ -1,7 +1,6 @@
<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("config webapps")%>
@@ -11,12 +10,9 @@ button span.hide{
}
input.default { width: 1px; height: 1px; visibility: hidden; }
-
<%@include file="summaryajax.jsi" %>
-
-
+
<%@include file="summary.jsi" %>
-
" />
diff --git a/apps/routerconsole/jsp/console.jsp b/apps/routerconsole/jsp/console.jsp
index 3ed8353ce..446e51b85 100644
--- a/apps/routerconsole/jsp/console.jsp
+++ b/apps/routerconsole/jsp/console.jsp
@@ -2,19 +2,15 @@
<%@page trimDirectiveWhitespaces="true"%>
<%@page pageEncoding="UTF-8"%>
-
<%@include file="css.jsi" %>
<%=intl.title("home")%>
-
<%@include file="summaryajax.jsi" %>
-
+
<%
String consoleNonce = net.i2p.router.web.CSSHelper.getNonce();
%>
-
<%@include file="summary.jsi" %>
-
<%=intl._t("I2P Router Console")%>
<%
diff --git a/apps/routerconsole/jsp/csp-unsafe.jsi b/apps/routerconsole/jsp/csp-unsafe.jsi
new file mode 100644
index 000000000..720a26a17
--- /dev/null
+++ b/apps/routerconsole/jsp/csp-unsafe.jsi
@@ -0,0 +1,4 @@
+<%
+ // Add this AFTER css.jsi if there's any onclick attributes in the page
+ response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
+%>
diff --git a/apps/routerconsole/jsp/css.jsi b/apps/routerconsole/jsp/css.jsi
index 2687e532e..0550b226f 100644
--- a/apps/routerconsole/jsp/css.jsi
+++ b/apps/routerconsole/jsp/css.jsi
@@ -34,10 +34,14 @@
images/favicon.ico"><%
response.setHeader("Accept-Ranges", "none");
+ String cspNonce = Integer.toHexString(net.i2p.util.RandomSource.getInstance().nextInt());
+
// clickjacking
if (intl.shouldSendXFrame()) {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
- response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
+ // unsafe-inline is a fallback for browsers not supporting nonce
+ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
+ response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'nonce-" + cspNonce + "'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
}
diff --git a/apps/routerconsole/jsp/debug.jsp b/apps/routerconsole/jsp/debug.jsp
index c93986352..cdbaa8456 100644
--- a/apps/routerconsole/jsp/debug.jsp
+++ b/apps/routerconsole/jsp/debug.jsp
@@ -9,9 +9,8 @@
%>
I2P Router Console - Debug
<%@include file="css.jsi" %>
-
<%@include file="summaryajax.jsi" %>
-
+
<%@include file="summary.jsi" %>
Router Debug
diff --git a/apps/routerconsole/jsp/dns.jsp b/apps/routerconsole/jsp/dns.jsp
index 6a3021424..3826be399 100644
--- a/apps/routerconsole/jsp/dns.jsp
+++ b/apps/routerconsole/jsp/dns.jsp
@@ -21,24 +21,21 @@
} else {
%>
-
<%@include file="css.jsi" %>
+<%@include file="csp-unsafe.jsi" %>
<%=intl.title("addressbook")%>
-
-
+
<%@include file="summaryajax.jsi" %>
-
-
-
+
<%@include file="summary.jsi" %>
-
<%=intl._t("I2P Addressbook")%> ">