From e6e4d50f6236b475435868c1c80996f4424fdc95 Mon Sep 17 00:00:00 2001
From: Gil Messerman
Date: Thu, 31 Dec 2020 17:46:01 +0200
Subject: [PATCH] remove jwt validation except basic structure, change CSP header value to unsafe-eval
---
 src/auth/jwt/jwt.token.with.rsa.keys.processor.ts | 9 +++++----
 src/interceptors/headers.configurator.interceptor.ts | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/auth/jwt/jwt.token.with.rsa.keys.processor.ts b/src/auth/jwt/jwt.token.with.rsa.keys.processor.ts
index a024d911..9ce31906 100644
--- a/src/auth/jwt/jwt.token.with.rsa.keys.processor.ts
+++ b/src/auth/jwt/jwt.token.with.rsa.keys.processor.ts
@@ -11,10 +11,11 @@ export class JwtTokenWithRSAKeysProcessor extends JwtTokenProcessor {
 this.log.debug('Call validateToken');
 const [header, payload] = this.parse(token);
- if (header.alg === 'None') {
- return payload;
- }
- return decode(token, this.publicKey, false, header.alg);
+ // if (header.alg === 'None') {
+ // return payload;
+ // }
+ // return decode(token, this.publicKey, false, header.alg);
+ return payload;
 }
 async createToken(payload: unknown): Promise {
diff --git a/src/interceptors/headers.configurator.interceptor.ts b/src/interceptors/headers.configurator.interceptor.ts
index 1041f6e7..6e82d7e7 100644
--- a/src/interceptors/headers.configurator.interceptor.ts
+++ b/src/interceptors/headers.configurator.interceptor.ts
@@ -74,7 +74,7 @@ export class HeadersConfiguratorInterceptor implements NestInterceptor {
 res.header(HeadersConfiguratorInterceptor.CONTENT_TYPE_OPTIONS, '1');
 res.header(
 HeadersConfiguratorInterceptor.CONTENT_SECURITY_POLICY,
- 'default-src *;',
+ 'unsafe-eval',
 );
 }
 }),
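Review bot: `validateToken` now returns the parsed payload without any signature check, so every token that merely splits into a well-formed header and payload is accepted and its claims are trusted by the callers of this method. If verification is meant to stay, restore the `decode` call but take the algorithm from server configuration instead of the token's own header, e.g. `return decode(token, this.publicKey, false, EXPECTED_ALG);` (`EXPECTED_ALG` is a placeholder for a fixed server-side value), and do not bring back the removed `header.alg === 'None'` shortcut. If the bypass is deliberate, replace the four commented-out lines with one comment saying that signature verification is intentionally skipped and why, and drop the now-unused `header` binding with `const [, payload] = this.parse(token);`. The method's signature is above the hunk, so its return type and callers are not visible here.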
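Review bot: The new Content-Security-Policy value `'unsafe-eval'` is a bare source keyword with no directive in front of it, so browsers will most likely treat it as an unknown directive and enforce nothing; the header is present but restricts no loads. If eval really is needed, scope it to scripts with `"script-src 'self' 'unsafe-eval'"`, and otherwise prefer a restrictive baseline such as `"default-src 'self'"`. Separately, the context line sets `CONTENT_TYPE_OPTIONS` to `'1'`; if that constant names `X-Content-Type-Options` (its definition is not visible here), the only value browsers honour is `nosniff`. The enclosing interceptor method starts above the hunk.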