From patchwork Tue Sep 11 00:15:44 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
X-Patchwork-Id: 1916
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.ipfire.org
 [IPv6:2001:470:7183:25::1])
	by web02.i.ipfire.org (Postfix) with ESMTP id 7D00E61A11
	for <patchwork@web02.i.ipfire.org>; Mon, 10 Sep 2018 16:15:51 +0200 (CEST)
Received: from mail01.i.ipfire.org (localhost [IPv6:::1])
	by mail01.ipfire.org (Postfix) with ESMTP id 47959109EBD2;
	Mon, 10 Sep 2018 15:15:50 +0100 (BST)
Received: from mx-nbg.link38.eu (mx-nbg.link38.eu [37.120.167.53])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mx-nbg.link38.eu",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail01.ipfire.org (Postfix) with ESMTPS id 658E5109EBA3
 for <development@lists.ipfire.org>; Mon, 10 Sep 2018 15:15:46 +0100 (BST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=link38.eu; s=201803;
 t=1536588944; h=from:from:sender:reply-to:subject:subject:date:date:
 message-id:message-id:to:to:cc:mime-version:mime-version:
 content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:in-reply-to:
 references; bh=adZ4poC1Wk05LswGeSSi4eQwZ1VfDjFfGVGKReJyOys=;
 b=+1YZBYhmxr475WKEk8Od938WevdSwPQLnjXpFT1qA0xYyMM+edmExcvKgCIuIH89C7WIYY
 w/rW9d7ZvdYCelqRZVtser9kP9m8ylQuwtOiVkkqskm+jHvGvTbVWHalcVwONBh1GkAX6g
 VkoO9w1u9ZCABhvQiKUa+K9Iy2NjkNSpNxHrkSVUCMRASZ1G8KJGLbpnPetGuZRTVWVjQo
 sEVMyapn2677BHnGfuVwZ4tlP2rL3S1F8IMCw0ert/c76FbAdsWlURBW9SgrA6To44vPJM
 oKYrDuS5FgRwGykSYXQWbXeYprAMzEBQnKGhvWYReTYfgiTexDSxn9KOLEeGqA==
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: [PATCH v5] embed background image in redirect template
Date: Mon, 10 Sep 2018 16:15:44 +0200
Message-Id: <20180910141544.4669-1-peter.mueller@link38.eu>
MIME-Version: 1.0
Authentication-Results: mail01.ipfire.org; dkim=pass header.d=link38.eu;
 dmarc=pass (policy=none) header.from=link38.eu;
 spf=pass smtp.mailfrom=peter.mueller@link38.eu
X-Spamd-Result: default: False [-11.54 / 11.00]; ARC_NA(0.00)[];
 R_DKIM_ALLOW(-0.20)[link38.eu]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:37.120.167.53];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 DKIM_TRACE(0.00)[link38.eu:+];
 RCVD_IN_DNSWL_MED(-2.00)[53.167.120.37.list.dnswl.org : 127.0.6.2];
 MID_CONTAINS_FROM(1.00)[];
 MX_GOOD(-0.01)[cached: mx-nbg.link38.eu];
 DMARC_POLICY_ALLOW(-0.25)[link38.eu,none];
 NEURAL_HAM(-3.00)[-0.999,0]; RCVD_COUNT_ZERO(0.00)[0];
 FROM_EQ_ENVFROM(0.00)[];
 IP_SCORE(-3.78)[ip: (-9.91), ipnet: 37.120.160.0/19(-4.96), asn:
 197540(-3.96), country: DE(-0.09)];
 ASN(0.00)[asn:197540, ipnet:37.120.160.0/19, country:DE];
 RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%];
 HAS_DATA_URI(0.00)[]
X-Spam-Status: No, score=-11.54
X-Rspamd-Server: mail01.i.ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <https://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Embed the IPFire background image into the redirect template
directly via CSS instead of loading it from somewhere else.
This is necessary because of Content Security Policy (CSP).

This patch inserts the base64 encoded image during build so
nothing needs to be updated twice in case background image
changes.

It supersedes first to fourth version of this patch and has
been successfully tested during a clean build.

Fixes #11650

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
---
 html/html/redirect-templates/legacy/template.html | 7 ++++++-
 lfs/web-user-interface                            | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/html/html/redirect-templates/legacy/template.html b/html/html/redirect-templates/legacy/template.html
index b5fb61ebe..297561e3a 100644
--- a/html/html/redirect-templates/legacy/template.html
+++ b/html/html/redirect-templates/legacy/template.html
@@ -3,11 +3,16 @@
 	<head>
 		<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> 
 		<title>ACCESS MESSAGE</title>
+		<style content="text/css">
+			td.image {
+				background-image: url(data:image/gif;base64,IMAGEDATAPLACEHOLDER);
+			}
+		</style>
 	</head>
 	<body>
 		<table width="100%" height='100%' border="0">
 			<tr>
-				<td colspan='3' width='100%' height='130' align="center" background="<TMPL_VAR NAME="ADDRESS">/images/background.gif">
+				<td colspan='3' width='100%' height='152px' align="center" class="image">&nbsp;</td>
 			<tr>
 				<td width='10%'>
 				<td align='center' bgcolor='#CC000000' width='80%'>
diff --git a/lfs/web-user-interface b/lfs/web-user-interface
index 0c5688252..73aec3a8d 100644
--- a/lfs/web-user-interface
+++ b/lfs/web-user-interface
@@ -55,6 +55,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	mkdir -p /var/updatecache/{download,metadata}
 	cp -aR $(DIR_SRC)/html/* /srv/web/ipfire
 
+	# Add base64 encoded background image to Squid content access page
+	basedata="$$( base64 $(DIR_SRC)/html/html/images/background.gif | tr -d '\n' )"; \
+		sed -i "s|IMAGEDATAPLACEHOLDER|$${basedata}|g" \
+		/srv/web/ipfire/html/redirect-templates/legacy/template.html
+
 	# Change CONFIG_ROOT in cgi-scripts
 	for i in /srv/web/ipfire/cgi-bin/{*,logs.cgi/*,vpn.cgi/*}; do \
 	    if [ -f $$i ]; then \