From b56c9135c7e4238baaedd54402bee0fc432576b3 Mon Sep 17 00:00:00 2001
From: Fabio1988 <35898099+Fabio1988@users.noreply.github.com>
Date: Sat, 10 Aug 2024 17:05:26 +0300
Subject: [PATCH 1/6] chore: update Telegram widget version
---
 src/components/auth/Telegram.jsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/components/auth/Telegram.jsx b/src/components/auth/Telegram.jsx
index afce98bbc..31ffdb601 100644
--- a/src/components/auth/Telegram.jsx
+++ b/src/components/auth/Telegram.jsx
@@ -12,7 +12,7 @@ export function TelegramWidget({ botName, authUrl }) {
 React.useEffect(() => {
 if (ref.current) {
 const script = document.createElement('script')
- script.src = 'https://telegram.org/js/telegram-widget.js?4'
+ script.src = 'https://telegram.org/js/telegram-widget.js?22'
 script.setAttribute('data-telegram-login', botName)
 script.setAttribute('data-auth-url', authUrl)
 script.setAttribute(
From 7c0e925b309c87068f4a6a07944b4af686f7bbd0 Mon Sep 17 00:00:00 2001
From: Fabio1988 <35898099+Fabio1988@users.noreply.github.com>
Date: Sat, 10 Aug 2024 18:39:52 +0300
Subject: [PATCH 2/6] fix: telegram login w/ helmet
---
 server/src/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/index.js b/server/src/index.js
index d6ea2cef1..539c1f108 100644
--- a/server/src/index.js
+++ b/server/src/index.js
@@ -78,7 +78,7 @@ const startServer = async () => {
 hidePoweredBy: true,
 contentSecurityPolicy: {
 directives: {
- scriptSrc: ["'self'", 'https://cdn.jsdelivr.net'],
+ scriptSrc: ["'self'", 'https://cdn.jsdelivr.net', 'https://telegram.org', 'https://static.cloudflareinsights.com'],
 workerSrc: ["'self'", 'blob:'],
 },
 },
From d892000f8adaf1b5e70b21d22258e1239b1f485c Mon Sep 17 00:00:00 2001
From: Fabio1988 <35898099+Fabio1988@users.noreply.github.com>
Date: Sat, 10 Aug 2024 20:12:14 +0300
Subject: [PATCH 3/6] fix: oauth telegram /w helmet
---
 server/src/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
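Review bot: In PATCH 2/6, the new `scriptSrc` entry `'https://static.cloudflareinsights.com'` is not covered by the commit subject, which mentions only the Telegram login, and nothing in the hunk says why it is needed. Every origin listed in script-src may run code in the application's own origin, so each one should be justified where it is declared; a comment above the array such as `// telegram.org: login widget script; static.cloudflareinsights.com: presumably the Cloudflare analytics beacon, confirm it is in use` would do, or the analytics origin could go in its own commit. If Telegram login is an optional strategy in this project (not visible here), consider adding `'https://telegram.org'` only when it is configured rather than for every deployment. The `startServer` body starts and ends outside the hunk.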
diff --git a/server/src/index.js b/server/src/index.js
index 539c1f108..3bcc64d54 100644
--- a/server/src/index.js
+++ b/server/src/index.js
@@ -78,7 +78,7 @@ const startServer = async () => {
 hidePoweredBy: true,
 contentSecurityPolicy: {
 directives: {
- scriptSrc: ["'self'", 'https://cdn.jsdelivr.net', 'https://telegram.org', 'https://static.cloudflareinsights.com'],
+ scriptSrc: ["'self'", 'https://cdn.jsdelivr.net', 'https://telegram.org', 'https://oauth.telegram.org', 'https://static.cloudflareinsights.com'],
 workerSrc: ["'self'", 'blob:'],
 },
 },
From 26c12de6d9cdfcd4db68c1c0804fd32e90477f24 Mon Sep 17 00:00:00 2001
From: Fabio1988 <35898099+Fabio1988@users.noreply.github.com>
Date: Sat, 10 Aug 2024 21:12:25 +0300
Subject: [PATCH 4/6] fix: telegram frame source /w helmet
---
 server/src/index.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/server/src/index.js b/server/src/index.js
index 3bcc64d54..654e22b30 100644
--- a/server/src/index.js
+++ b/server/src/index.js
@@ -78,7 +78,8 @@ const startServer = async () => {
 hidePoweredBy: true,
 contentSecurityPolicy: {
 directives: {
- scriptSrc: ["'self'", 'https://cdn.jsdelivr.net', 'https://telegram.org', 'https://oauth.telegram.org', 'https://static.cloudflareinsights.com'],
+ scriptSrc: ["'self'", 'https://cdn.jsdelivr.net', 'https://telegram.org', 'https://static.cloudflareinsights.com'],
+ frameSrc: ["'self'", 'https://*.telegram.org'],
 workerSrc: ["'self'", 'blob:'],
 },
 },
From 081c15360a4c0d84e2d66d751bdae7d47d7e3040 Mon Sep 17 00:00:00 2001
From: Fabio1988 <35898099+Fabio1988@users.noreply.github.com>
Date: Sat, 10 Aug 2024 21:26:20 +0300
Subject: [PATCH 5/6] fix: lint
---
 server/src/index.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/server/src/index.js b/server/src/index.js
index 654e22b30..28b8447ae 100644
--- a/server/src/index.js
+++ b/server/src/index.js
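Review bot: In PATCH 4/6, the new `frameSrc` entry `'https://*.telegram.org'` permits framing of every Telegram subdomain, while the previous commit in this series named only `oauth.telegram.org` as the host the login flow needs. A wildcard host source is wider than the fix appears to require; if the widget iframe is served from that single host, `frameSrc: ["'self'", 'https://oauth.telegram.org'],` keeps the policy to what is actually used. If other subdomains are genuinely required, a short comment listing them next to the directive would make the wildcard reviewable. The `startServer` body starts and ends outside the hunk.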
@@ -78,7 +78,12 @@ const startServer = async () => {
 hidePoweredBy: true,
 contentSecurityPolicy: {
 directives: {
- scriptSrc: ["'self'", 'https://cdn.jsdelivr.net', 'https://telegram.org', 'https://static.cloudflareinsights.com'],
+ scriptSrc: [
+ "'self'",
+ 'https://cdn.jsdelivr.net',
+ 'https://telegram.org',
+ 'https://static.cloudflareinsights.com'
+ ],
 frameSrc: ["'self'", 'https://*.telegram.org'],
 workerSrc: ["'self'", 'blob:'],
 },
From adbaec677a48be2e89efec09d9c75ff6b9a0453f Mon Sep 17 00:00:00 2001
From: Fabio1988 <35898099+Fabio1988@users.noreply.github.com>
Date: Sat, 10 Aug 2024 21:33:33 +0300
Subject: [PATCH 6/6] fix: lint
---
 server/src/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/src/index.js b/server/src/index.js
index 28b8447ae..905e8faea 100644
--- a/server/src/index.js
+++ b/server/src/index.js
@@ -82,7 +82,7 @@ const startServer = async () => {
 "'self'",
 'https://cdn.jsdelivr.net',
 'https://telegram.org',
- 'https://static.cloudflareinsights.com'
+ 'https://static.cloudflareinsights.com',
 ],
 frameSrc: ["'self'", 'https://*.telegram.org'],
 workerSrc: ["'self'", 'blob:'],