2013-07-31 03:08:38 +04:00
|
|
|
{
|
2013-11-16 03:19:00 +04:00
|
|
|
"name": "fxa-content-server",
|
2019-01-23 00:29:32 +03:00
|
|
|
"version": "1.129.0",
|
2013-12-04 23:18:07 +04:00
|
|
|
"description": "Firefox Accounts Content Server",
|
2013-07-31 03:08:38 +04:00
|
|
|
"scripts": {
|
2018-02-15 23:52:17 +03:00
|
|
|
"build-production": "NODE_ENV=production grunt build",
|
|
|
|
|
"postinstall": "scripts/download_l10n.sh",
|
2018-03-16 18:47:30 +03:00
|
|
|
"prepush": "npm run lint && grunt sasslint",
|
2018-12-18 20:29:18 +03:00
|
|
|
"shrink": "npmshrink",
|
2018-02-07 18:46:46 +03:00
|
|
|
"lint": "eslint app server tests --cache",
|
2018-09-27 00:09:39 +03:00
|
|
|
"lint:deps": "npm audit --json | audit-filter --nsp-config=.nsprc --audit=-",
|
2015-09-29 01:10:37 +03:00
|
|
|
"start": "node scripts/check-local-config && grunt server",
|
2018-08-23 15:53:32 +03:00
|
|
|
"start-circle": "CONFIG_FILES=server/config/local.json,server/config/production.json,tests/ci/config_circleci.json node_modules/.bin/grunt build && CONFIG_FILES=server/config/local.json,server/config/production.json,tests/ci/config_circleci.json node_modules/.bin/grunt serverproc:dist",
|
2018-02-07 18:46:46 +03:00
|
|
|
"start-production": "NODE_ENV=production grunt build && CONFIG_FILES=server/config/local.json,server/config/production.json grunt serverproc:dist",
|
2017-07-21 19:49:10 +03:00
|
|
|
"start-remote": "scripts/run_remote_dev.sh",
|
2018-01-09 19:29:54 +03:00
|
|
|
"test": "node tests/intern.js --unit=true",
|
2018-07-23 23:31:26 +03:00
|
|
|
"test-circle": "node tests/intern.js --suites=circle --fxaAuthRoot=https://fxaci.dev.lcip.org/auth --fxaEmailRoot=http://restmail.net --fxaOAuthApp=https://oauth-fxaci.dev.lcip.org --fxaUntrustedOauthApp=https://321done-fxaci.dev.lcip.org --fxaProduction=true --bailAfterFirstFailure=true",
|
2018-01-09 19:29:54 +03:00
|
|
|
"test-functional": "node tests/intern.js",
|
|
|
|
|
"test-functional-oauth": "node tests/intern.js --suites=oauth",
|
2018-07-23 23:31:26 +03:00
|
|
|
"test-latest": "node tests/intern.js --fxaAuthRoot=https://latest.dev.lcip.org/auth/v1 --fxaContentRoot=https://latest.dev.lcip.org/ --fxaEmailRoot=http://restmail.net --fxaOAuthApp=https://123done-latest.dev.lcip.org/ --fxaUntrustedOauthApp=https://321done-latest.dev.lcip.org/ --fxaProduction=true --fxaToken=https://token.dev.lcip.org/1.0/sync/1.5",
|
2018-01-09 19:29:54 +03:00
|
|
|
"test-server": "node tests/intern.js --suites=server",
|
|
|
|
|
"test-travis": "node tests/intern.js --suites=travis"
|
2013-07-31 03:08:38 +04:00
|
|
|
},
|
|
|
|
|
"repository": {
|
|
|
|
|
"type": "git",
|
2013-11-16 03:19:00 +04:00
|
|
|
"url": "https://github.com/mozilla/fxa-content-server"
|
2013-07-31 03:08:38 +04:00
|
|
|
},
|
2013-11-16 03:19:00 +04:00
|
|
|
"homepage": "https://github.com/mozilla/fxa-content-server",
|
|
|
|
|
"bugs": "https://github.com/mozilla/fxa-content-server/issues",
|
|
|
|
|
"author": "Mozilla (https://mozilla.org/)",
|
2015-05-23 02:18:44 +03:00
|
|
|
"license": "MPL-2.0",
|
2013-07-31 03:08:38 +04:00
|
|
|
"dependencies": {
|
2018-07-30 20:40:42 +03:00
|
|
|
"autoprefixer": "9.0.1",
|
2018-02-07 18:46:46 +03:00
|
|
|
"babel-core": "6.26.0",
|
|
|
|
|
"babel-loader": "7.1.2",
|
|
|
|
|
"babel-plugin-syntax-dynamic-import": "6.18.0",
|
2018-06-25 23:26:06 +03:00
|
|
|
"babel-plugin-transform-class-properties": "6.24.1",
|
2017-06-20 20:23:09 +03:00
|
|
|
"babel-preset-es2015": "6.24.1",
|
2018-02-15 23:52:17 +03:00
|
|
|
"backbone": "1.1.1",
|
|
|
|
|
"backbone.cocktail": "git://github.com/onsi/cocktail.git#87971c88e2e4f904a0984b5f236ee5dbb21ddb4a",
|
2018-07-11 05:25:53 +03:00
|
|
|
"base32-decode": "1.0.0",
|
2018-10-16 20:34:19 +03:00
|
|
|
"base64url": "3.0.0",
|
2018-02-15 23:52:17 +03:00
|
|
|
"blueimp-canvas-to-blob": "2.1.0",
|
2017-09-28 02:34:48 +03:00
|
|
|
"body-parser": "1.18.2",
|
2017-12-20 19:28:13 +03:00
|
|
|
"celebrate": "7.0.3",
|
2014-05-14 05:55:00 +04:00
|
|
|
"connect-cachify": "0.0.17",
|
2016-12-01 14:43:15 +03:00
|
|
|
"consolidate": "0.14.5",
|
|
|
|
|
"convict": "1.5.0",
|
2016-08-11 15:10:10 +03:00
|
|
|
"cookie-parser": "1.4.3",
|
2017-11-23 22:34:07 +03:00
|
|
|
"cors": "2.8.4",
|
2018-07-30 20:40:42 +03:00
|
|
|
"css-loader": "1.0.0",
|
2018-02-15 23:52:17 +03:00
|
|
|
"duration-js": "3.6.0",
|
2018-04-12 17:35:17 +03:00
|
|
|
"es6-promise": "4.2.4",
|
2018-07-25 22:17:03 +03:00
|
|
|
"expose-loader": "0.7.5",
|
2017-11-23 22:34:07 +03:00
|
|
|
"express": "4.16.2",
|
2017-05-03 22:16:44 +03:00
|
|
|
"extend": "3.0.1",
|
2018-07-30 20:40:42 +03:00
|
|
|
"extract-loader": "2.0.1",
|
|
|
|
|
"file-loader": "1.1.11",
|
2018-06-25 23:26:06 +03:00
|
|
|
"fxa-common-password-list": "0.0.2",
|
2018-06-01 13:00:03 +03:00
|
|
|
"fxa-crypto-relier": "2.3.0",
|
2018-11-05 19:19:20 +03:00
|
|
|
"fxa-geodb": "1.0.4",
|
2018-10-15 20:19:43 +03:00
|
|
|
"fxa-js-client": "1.0.7",
|
2018-02-07 18:46:46 +03:00
|
|
|
"fxa-mustache-loader": "0.0.2",
|
2019-01-18 13:46:10 +03:00
|
|
|
"fxa-shared": "1.0.15",
|
2017-05-03 22:16:44 +03:00
|
|
|
"got": "6.7.1",
|
2018-08-22 15:40:53 +03:00
|
|
|
"grunt": "1.0.3",
|
2016-07-18 14:42:28 +03:00
|
|
|
"grunt-babel": "6.0.0",
|
2016-01-22 19:28:14 +03:00
|
|
|
"grunt-cdn": "0.6.5",
|
2017-05-03 22:16:44 +03:00
|
|
|
"grunt-contrib-clean": "1.1.0",
|
2016-08-11 15:10:10 +03:00
|
|
|
"grunt-contrib-concat": "1.0.1",
|
2016-04-15 18:35:33 +03:00
|
|
|
"grunt-contrib-copy": "1.0.0",
|
2017-05-03 22:16:44 +03:00
|
|
|
"grunt-contrib-cssmin": "2.1.0",
|
2017-09-09 18:23:39 +03:00
|
|
|
"grunt-contrib-htmlmin": "2.4.0",
|
2016-10-31 20:38:51 +03:00
|
|
|
"grunt-file-rev": "1.0.2",
|
2016-04-15 18:35:33 +03:00
|
|
|
"grunt-githash": "0.1.3",
|
|
|
|
|
"grunt-po2json": "git://github.com/shane-tomlinson/grunt-po2json.git#2f415c8",
|
2016-12-01 14:43:15 +03:00
|
|
|
"grunt-remarkable": "1.1.0",
|
2016-02-05 19:45:40 +03:00
|
|
|
"grunt-sri": "0.0.5",
|
2015-07-22 20:17:02 +03:00
|
|
|
"grunt-text-replace": "0.4.0",
|
2015-09-28 05:01:07 +03:00
|
|
|
"grunt-usemin": "3.1.1",
|
2014-02-24 07:22:48 +04:00
|
|
|
"grunt-z-schema": "0.1.0",
|
2017-11-23 22:34:07 +03:00
|
|
|
"handlebars": "4.0.11",
|
2018-07-25 22:17:03 +03:00
|
|
|
"happypack": "5.0.0",
|
2017-09-28 23:41:15 +03:00
|
|
|
"helmet": "3.8.2",
|
2018-10-01 13:12:49 +03:00
|
|
|
"i18n-abide": "0.0.26",
|
2017-05-03 22:16:44 +03:00
|
|
|
"joi": "10.4.1",
|
2018-02-15 23:52:17 +03:00
|
|
|
"jquery": "3.1.0",
|
|
|
|
|
"jquery-modal": "git://github.com/shane-tomlinson/jquery-modal.git#0576775d1b4590314b114386019f4c7421c77503",
|
|
|
|
|
"jquery-simulate": "1.0.2",
|
|
|
|
|
"jquery-ui": "1.12.1",
|
|
|
|
|
"jquery-ui-touch-punch-amd": "1.0.0",
|
|
|
|
|
"js-md5": "0.6.0",
|
2018-10-29 13:19:26 +03:00
|
|
|
"jsxgettext-recursive-next": "1.1.0",
|
2018-02-15 23:52:17 +03:00
|
|
|
"legal-docs": "git://github.com/mozilla/legal-docs.git#master",
|
2016-12-01 14:43:15 +03:00
|
|
|
"load-grunt-tasks": "3.5.2",
|
2018-05-09 09:59:07 +03:00
|
|
|
"lodash": "4.17.5",
|
2018-10-31 11:27:12 +03:00
|
|
|
"mailcheck": "1.1.1",
|
2015-07-22 20:17:02 +03:00
|
|
|
"mkdirp": "0.5.1",
|
2018-02-07 18:46:46 +03:00
|
|
|
"mocha": "4.0.1",
|
2018-11-10 00:19:13 +03:00
|
|
|
"morgan": "1.9.1",
|
2017-11-23 22:34:07 +03:00
|
|
|
"mozlog": "2.2.0",
|
2018-02-07 18:46:46 +03:00
|
|
|
"mustache": "2.3.0",
|
2018-07-30 20:40:42 +03:00
|
|
|
"node-sass": "4.9.2",
|
2016-04-15 00:21:50 +03:00
|
|
|
"node-uap": "git://github.com/vladikoff/node-uap.git#9cdd16247",
|
2018-02-15 23:52:17 +03:00
|
|
|
"node-uuid": "1.4.8",
|
|
|
|
|
"node-vat": "0.0.9",
|
|
|
|
|
"normalize.css": "3.0.1",
|
feat(server): Set security headers on all HTML pages. (#4750) r=@rfk
What is the problem?
The 404 page didn't have x-frame-options, content-security-policy,
and x-robots-tag headers set.
How does this fix it?
Set up the frame-guard, csp, and noindex middlewares to set their
headers on *every* HTML response. This is done by wrapping existing
middlewares that only work with HTML responses in the `onHeaders`
middleware. Using the `onHeaders` middleware, check if the
content-type is HTML, and if so, call the original middleware to
set the header.
Why are all those tests updated?
I updated the unit tests of frame-guard, csp, and noindex to ignore
the onHeaders middleware. Additionally, since we know definitively
the response is HTML, the checks to see if the middleware is applicable
is no longer needed, except for CSP where no CSP headers are set for unit
tests. This allowed me to remove utils.js too.
The unit tests for the x-robots-tag is different, why?
The test for the x-robots tag was done for all "non-JSON" responses,
yet the middleware itself used to check whether the resource
was HTML. I went with the middleware's view of the world and moved
the x-robots-tag check to be done on every html page.
The unit tests also ditch the check for `content-security-policy-rport-only`
Good eye. Those tests *should have been failing*. We have not served
the report-only header for quite a while, which leads me to believe that
the call to csp.isCspRequired was always returning `false`. Instead
of relying upon `csp.isCspRequired`, I encode whether CSP is expected
within the route declarations. Assume CSP is required for all HTML resources,
then add `csp: false` to those that do not.
A combined effort of @g-k and @shane-tomlinson
2017-02-24 15:41:49 +03:00
|
|
|
"on-headers": "1.0.1",
|
2017-08-14 18:39:31 +03:00
|
|
|
"photon-colors": "1.0.3",
|
2018-07-30 20:40:42 +03:00
|
|
|
"postcss-cli": "6.0.0",
|
|
|
|
|
"postcss-loader": "2.1.6",
|
2018-05-15 23:31:37 +03:00
|
|
|
"raven": "2.6.1",
|
2018-02-15 23:52:17 +03:00
|
|
|
"raven-js": "git://github.com/vladikoff/raven-js.git#customEndpoint-3.13.0",
|
2018-07-30 20:40:42 +03:00
|
|
|
"sass-loader": "7.0.3",
|
2017-11-23 22:34:07 +03:00
|
|
|
"serve-static": "1.13.1",
|
2018-10-31 09:56:14 +03:00
|
|
|
"speed-trap": "0.0.8",
|
2016-08-11 15:10:10 +03:00
|
|
|
"time-grunt": "1.4.0",
|
2018-02-15 23:52:17 +03:00
|
|
|
"ua-parser-js": "git://github.com/vladikoff/ua-parser-js.git#fxa-version",
|
2018-07-25 22:17:03 +03:00
|
|
|
"uglifyjs-webpack-plugin": "1.2.7",
|
2018-02-07 18:46:46 +03:00
|
|
|
"underscore": "1.8.3",
|
2018-07-25 22:17:03 +03:00
|
|
|
"webpack": "4.16.1",
|
|
|
|
|
"webpack-cli": "3.1.0",
|
2018-02-15 23:52:17 +03:00
|
|
|
"webrtc-adapter-test": "0.2.5"
|
2014-01-09 23:25:16 +04:00
|
|
|
},
|
|
|
|
|
"devDependencies": {
|
2018-09-27 00:09:39 +03:00
|
|
|
"audit-filter": "0.3.0",
|
2018-02-08 02:13:18 +03:00
|
|
|
"babel-cli": "6.26.0",
|
2018-02-07 18:46:46 +03:00
|
|
|
"babel-eslint": "8.2.1",
|
2018-02-08 02:13:18 +03:00
|
|
|
"babel-plugin-dynamic-import-webpack": "1.0.2",
|
2018-02-15 23:52:17 +03:00
|
|
|
"chai": "1.8.1",
|
2018-08-22 15:40:53 +03:00
|
|
|
"css": "2.2.3",
|
2018-02-07 18:46:46 +03:00
|
|
|
"eslint": "4.16.0",
|
2019-01-22 00:06:46 +03:00
|
|
|
"eslint-plugin-fxa": "git://github.com/mozilla/eslint-plugin-fxa.git#1153ff4bbf7e2c074363253c555fb7f71bac09a1",
|
2015-09-28 12:18:36 +03:00
|
|
|
"eslint-plugin-sorting": "git://github.com/shane-tomlinson/eslint-plugin-sorting.git#bcacb99d",
|
2018-08-23 18:09:28 +03:00
|
|
|
"firefox-profile": "1.2.0",
|
2016-01-26 21:19:26 +03:00
|
|
|
"fxa-conventional-changelog": "1.1.0",
|
2018-09-26 14:34:24 +03:00
|
|
|
"grunt-ban-word": "0.1.1",
|
2016-04-13 18:39:37 +03:00
|
|
|
"grunt-bump": "0.7.0",
|
2018-08-23 18:09:28 +03:00
|
|
|
"grunt-conventional-changelog": "6.1.0",
|
2016-04-13 18:39:37 +03:00
|
|
|
"grunt-copyright": "0.3.0",
|
2018-08-23 18:09:28 +03:00
|
|
|
"grunt-htmllint": "0.3.0",
|
2016-04-13 18:39:37 +03:00
|
|
|
"grunt-jsonlint": "1.0.7",
|
|
|
|
|
"grunt-newer": "1.2.0",
|
2016-05-17 01:32:55 +03:00
|
|
|
"grunt-sass-lint": "0.2.0",
|
2015-07-22 22:53:39 +03:00
|
|
|
"grunt-todo": "0.5.0",
|
2016-01-22 19:28:14 +03:00
|
|
|
"htmlparser2": "3.9.0",
|
2016-04-13 18:39:37 +03:00
|
|
|
"husky": "0.11.4",
|
2018-08-23 18:09:28 +03:00
|
|
|
"install": "0.12.1",
|
2018-10-10 14:50:53 +03:00
|
|
|
"intern": "4.3.1",
|
2018-01-09 19:29:54 +03:00
|
|
|
"leadfoot": "1.7.4",
|
2018-12-18 20:29:18 +03:00
|
|
|
"npmshrink": "2.0.0",
|
2018-03-20 06:29:06 +03:00
|
|
|
"otplib": "7.1.0",
|
2016-04-13 18:39:37 +03:00
|
|
|
"proxyquire": "1.7.4",
|
2018-08-22 04:31:25 +03:00
|
|
|
"request": "2.88.0",
|
|
|
|
|
"request-promise": "4.2.0",
|
2018-04-11 12:33:33 +03:00
|
|
|
"sinon": "4.5.0",
|
2018-07-25 22:17:03 +03:00
|
|
|
"webpack-dev-middleware": "3.1.3",
|
2018-01-09 19:29:54 +03:00
|
|
|
"xmlhttprequest": "git://github.com/zaach/node-XMLHttpRequest.git#onerror",
|
|
|
|
|
"yargs": "10.0.3"
|
2013-12-04 23:55:48 +04:00
|
|
|
},
|
|
|
|
|
"engines": {
|
2018-09-27 00:09:39 +03:00
|
|
|
"node": ">=8",
|
|
|
|
|
"npm": ">=6.4.1"
|
2013-07-31 03:08:38 +04:00
|
|
|
},
|
|
|
|
|
"readmeFilename": "README.md"
|
|
|
|
|
}
|
