Security [HIGH]: CSP wildcards (*.openai.com, *.azure.com), unsafe-inline styles, SVG routes skip CSP #45

Closed
opened 2026-04-16 22:05:10 +02:00 by Hartmut · 1 comment
Owner

Problem

(1) CSP connect-src whitelists https://*.openai.com https://*.azure.com — wildcard Azure subdomains include user-provisionable storage, massive XSS-exfil surface. (2) style-src 'self' 'unsafe-inline' in all envs — CSS-based exfiltration possible. (3) Middleware matcher excludes SVG/PNG/static from CSP — stored SVG with <script> served via app origin bypasses all CSP protections.

Evidence

  • apps/web/src/middleware.ts:29 — connect-src wildcards
  • apps/web/src/middleware.ts:27 — style-src 'unsafe-inline'
  • apps/web/src/middleware.ts:68 — matcher excludes SVG from CSP path
  • apps/web/next.config.ts:39-76 — base headers apply but CSP only in middleware

Impact

XSS-exfiltration via Azure blob wildcards; CSS-based keystroke/data leak; stored XSS via uploaded SVG served with app origin.

Proposed Fix

(1) Pin connect-src to specific endpoints from system settings; prefer server-side-only AI calls. (2) Move to nonce/hash-based style-src, or keep unsafe-inline with style-src-elem 'self' 'nonce-...'. (3) Add static CSP for /_next/static+SVG in next.config.ts headers, OR serve SVG with Content-Disposition: attachment / rewrite to PNG.

Acceptance Criteria

  • No wildcard domains in connect-src
  • style-src without unsafe-inline OR elem-nonce
  • SVG responses carry CSP header
  • CSP regression test

Parent Epic: #1
Source: Full-Codebase Security Audit 2026-04-16 (A-14, A-15, C-6, C-7)

Hartmut added the security label 2026-04-16 22:05:10 +02:00
Author
Owner

Resolved in commit d1075af (security: tighten CSP — drop provider wildcards, add object/frame/worker-src).

apps/web/src/middleware.ts::buildCsp() now returns:

  • connect-src 'self' (was 'self' *.openai.com *.azure.com)
  • object-src 'none'
  • frame-src 'none'
  • worker-src 'self' blob:
  • base-uri 'self', form-action 'self'

Verified no browser-side AI fetches exist; all AI calls route through the server. Test coverage in apps/web/src/middleware.test.ts. Residual risk (style-src 'unsafe-inline' still required by Tailwind JIT) documented in docs/security-architecture.md §7.

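An added example, not the project's own middleware.ts or its test file, covering both the proposed fix in the issue and the policy listed in the resolution comment: a `buildCsp()` in the shape the comment describes (`connect-src 'self'`, `object-src 'none'`, `frame-src 'none'`, `worker-src 'self' blob:`, `base-uri`/`form-action 'self'`, `style-src` still carrying `'unsafe-inline'`), together with the regression checks the acceptance criteria ask for: no wildcard hosts in `connect-src`, and SVG responses carrying the CSP header. The `script-src`, `img-src` and `font-src` values, the nonce parameter, the `shouldApplyCsp` path predicate, the `parseCsp` helper and the `LEGACY_CONNECT_SRC` constant are assumptions made for this example; the `Content-Disposition: attachment` line implements option (3) from the proposed fix, which the resolution comment does not say was adopted.

```typescript
// Added example (not the project's code). Directive values for script-src,
// img-src and font-src are assumptions; the remaining directives follow the
// resolution comment on issue #45.

type CspDirectives = Record<string, string[]>;

export function buildCsp(nonce: string): CspDirectives {
  return {
    "default-src": ["'self'"],
    "script-src": ["'self'", `'nonce-${nonce}'`],
    // Residual risk from the resolution: Tailwind JIT still needs inline styles.
    "style-src": ["'self'", "'unsafe-inline'"],
    "img-src": ["'self'", "data:", "blob:"],
    "font-src": ["'self'"],
    // Was 'self' *.openai.com *.azure.com; all AI calls now go through the server.
    "connect-src": ["'self'"],
    "object-src": ["'none'"],
    "frame-src": ["'none'"],
    "worker-src": ["'self'", "blob:"],
    "base-uri": ["'self'"],
    "form-action": ["'self'"],
  };
}

// Serialize directives into the header value the middleware would emit.
export function serializeCsp(directives: CspDirectives): string {
  return Object.entries(directives)
    .map(([name, values]) => `${name} ${values.join(" ")}`)
    .join("; ");
}

// Parse a header value back into directives so a test can assert on it.
export function parseCsp(header: string): CspDirectives {
  const out: CspDirectives = {};
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    out[name.toLowerCase()] = values;
  }
  return out;
}

// Regression check for acceptance criterion 1: flag any source whose host
// starts with a wildcard label (e.g. https://*.azure.com) or is a bare '*'.
export function hasWildcardSource(values: string[]): boolean {
  return values.some((v) => v === "*" || /^([a-z][a-z0-9+.-]*:\/\/)?\*\./i.test(v));
}

// Assumed replacement for the matcher that excluded SVG/PNG/static paths:
// only raster images and fonts (which cannot carry active content) are
// skipped, so SVG served from the app origin always gets the header.
export function shouldApplyCsp(pathname: string): boolean {
  return !/\.(png|jpe?g|gif|webp|ico|woff2?)$/i.test(pathname);
}

// Headers the middleware would attach to a response for the given path.
export function responseHeadersFor(pathname: string, nonce: string): Record<string, string> {
  const headers: Record<string, string> = {};
  if (shouldApplyCsp(pathname)) {
    headers["content-security-policy"] = serializeCsp(buildCsp(nonce));
  }
  if (/\.svg$/i.test(pathname)) {
    // Option (3) from the proposed fix: force download so a <script> inside an
    // uploaded SVG is never executed as a document in the app's origin.
    headers["content-disposition"] = "attachment";
  }
  return headers;
}

// The pre-fix connect-src from the issue, kept as constructed data so the
// regression check can be shown failing on it.
export const LEGACY_CONNECT_SRC = ["'self'", "https://*.openai.com", "https://*.azure.com"];
```

In a Next.js middleware the `responseHeadersFor` result would be copied onto `NextResponse.next()` headers; the value here is that `hasWildcardSource` and the SVG check can run in a plain unit test against `buildCsp()` output, which is what "CSP regression test" in the acceptance criteria amounts to.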

Reference: Hartmut/CapaKraken#45