fix(auth,frontend): secure cookie HTTP fix, technique links y CSP
- auth: desacopla SECURE_COOKIES de AEGIS_ENV para que el login funcione sobre HTTP (SECURE_COOKIES=false en servidor local) - TechniqueCell: button -> Link para href real (right-click, a11y) - TechniquesPage: añade Link en celda MITRE ID en vista lista - nginx CSP: amplía connect-src con ws:/wss: para evitar bloqueos Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -14,7 +14,7 @@ server {
|
||||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
|
||||
# CSP: allow self + inline styles (React build) + data: URIs for fonts/images
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';" always;
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' ws: wss:; frame-ancestors 'none'; base-uri 'self'; form-action 'self';" always;
|
||||
|
||||
# Hide Nginx version
|
||||
server_tokens off;
|
||||
|
||||
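Review bot: The new `connect-src 'self' ws: wss:` allows WebSocket connections to any host, not only this origin, so the directive no longer constrains where a script running in the page can open a socket. If only the application's own socket endpoint is needed, name it explicitly, e.g. `connect-src 'self' wss://<app-host>` (placeholder host), and keep the bare `ws:` scheme out of any deployment served over TLS. Browsers that implement CSP Level 3 should already match same-host ws/wss under `'self'`, so the scheme-wide sources mainly help older engines. The comment above the header still describes only styles, fonts and images; it could be extended to `# CSP: allow self + inline styles (React build) + data: URIs for fonts/images + WebSocket in connect-src`.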
@@ -1,4 +1,4 @@
|
||||
import { useNavigate } from "react-router-dom";
|
||||
import { Link } from "react-router-dom";
|
||||
import { AlertTriangle } from "lucide-react";
|
||||
import type { TechniqueStatus } from "../types/models";
|
||||
|
||||
@@ -48,18 +48,13 @@ export default function TechniqueCell({
|
||||
status,
|
||||
reviewRequired = false,
|
||||
}: TechniqueCellProps) {
|
||||
const navigate = useNavigate();
|
||||
const colors = statusColors[status] || statusColors.not_evaluated;
|
||||
|
||||
const handleClick = () => {
|
||||
navigate(`/techniques/${mitreId}`);
|
||||
};
|
||||
|
||||
return (
|
||||
<button
|
||||
onClick={handleClick}
|
||||
<Link
|
||||
to={`/techniques/${mitreId}`}
|
||||
className={`
|
||||
relative w-full rounded-md border p-2 text-left transition-all
|
||||
relative block w-full rounded-md border p-2 text-left transition-all
|
||||
hover:scale-[1.02] hover:shadow-lg hover:z-10
|
||||
${colors.bg} ${colors.border}
|
||||
`}
|
||||
@@ -73,6 +68,6 @@ export default function TechniqueCell({
|
||||
<p className="mt-0.5 truncate text-xs text-gray-300" title={name}>
|
||||
{name}
|
||||
</p>
|
||||
</button>
|
||||
</Link>
|
||||
);
|
||||
}
|
||||
|
||||
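Review bot: `mitreId` is interpolated into the `to` path of the new `Link` without encoding. If an id ever arrives from imported or API data containing `/`, `?` or `#`, the link would resolve to a different in-app route than intended. Wrapping it as `encodeURIComponent(mitreId)` keeps it a single path segment; the same applies to the new `Link` built from `tech.mitre_id` in the TechniquesPage list hunk. The body of TechniqueCell continues outside these hunks, so where `mitreId` originates is not visible here.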
@@ -4,7 +4,7 @@ import { Loader2, AlertCircle, Filter, X, Grid3X3, List } from "lucide-react";
|
||||
import { getTechniques, type TechniqueSummary } from "../api/techniques";
|
||||
import AttackMatrix from "../components/AttackMatrix";
|
||||
import type { TechniqueStatus } from "../types/models";
|
||||
import { useNavigate } from "react-router-dom";
|
||||
import { useNavigate, Link } from "react-router-dom";
|
||||
|
||||
const STATUS_OPTIONS: { value: TechniqueStatus | "all"; label: string; color: string }[] = [
|
||||
{ value: "all", label: "All Statuses", color: "text-gray-400" },
|
||||
@@ -224,7 +224,13 @@ export default function TechniquesPage() {
|
||||
className="cursor-pointer border-b border-gray-800/50 hover:bg-gray-800/50 transition-colors"
|
||||
>
|
||||
<td className="px-4 py-3">
|
||||
<span className="font-mono text-cyan-400">{tech.mitre_id}</span>
|
||||
<Link
|
||||
to={`/techniques/${tech.mitre_id}`}
|
||||
onClick={(e) => e.stopPropagation()}
|
||||
className="font-mono text-cyan-400 hover:underline"
|
||||
>
|
||||
{tech.mitre_id}
|
||||
</Link>
|
||||
</td>
|
||||
<td className="px-4 py-3 text-gray-200">{tech.name}</td>
|
||||
<td className="px-4 py-3">
|
||||
|
||||
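Review bot: The `onClick={(e) => e.stopPropagation()}` on the new `Link` has no comment explaining why it is needed. The enclosing row opens outside this hunk, but it carries `cursor-pointer` and `useNavigate` is still imported, so it presumably has its own click handler that navigates. A JSX comment above the `Link`, such as `{/* stop the row's onClick from triggering a second navigation */}`, would record the intent for the next maintainer. If the row handler stays, the remaining cells are still reachable only by mouse, which may be worth a follow-up.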