e8fbfb14c1
Add coexistence checks to all enqueue methods to prevent loading both React and Grid.js assets simultaneously. Changes: - ReactAdmin.php: Only enqueue React assets when ?react=1 - Init.php: Skip Grid.js when React active on admin pages - Form.php, Coupon.php, Access.php: Restore classic assets when ?react=0 - Customer.php, Product.php, License.php: Add coexistence checks Now the toggle between Classic and React versions works correctly. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
117 lines
3.0 KiB
TypeScript
117 lines
3.0 KiB
TypeScript
/**
|
|
* @license
|
|
* Copyright 2016 Google Inc. All rights reserved.
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*
|
|
* @author lwe@google.com (Lukas Weichselbaum)
|
|
*/
|
|
|
|
|
|
/**
|
|
* A CSP Finding is returned by a CSP check and can either reference a directive
|
|
* value or a directive. If a directive value is referenced opt_index must be
|
|
* provided.
|
|
* @unrestricted
|
|
*/
|
|
export class Finding {
|
|
/**
|
|
* @param type Type of the finding.
|
|
* @param description Description of the finding.
|
|
* @param severity Severity of the finding.
|
|
* @param directive The CSP directive in which the finding occurred.
|
|
* @param value The directive value, if exists.
|
|
*/
|
|
constructor(
|
|
public type: Type, public description: string, public severity: Severity,
|
|
public directive: string, public value?: string) {}
|
|
|
|
/**
|
|
* Returns the highest severity of a list of findings.
|
|
* @param findings List of findings.
|
|
* @return highest severity of a list of findings.
|
|
*/
|
|
static getHighestSeverity(findings: Finding[]): Severity {
|
|
if (findings.length === 0) {
|
|
return Severity.NONE;
|
|
}
|
|
|
|
const severities = findings.map((finding) => finding.severity);
|
|
const min = (prev: Severity, cur: Severity) => prev < cur ? prev : cur;
|
|
return severities.reduce(min, Severity.NONE);
|
|
}
|
|
|
|
equals(obj: unknown): boolean {
|
|
if (!(obj instanceof Finding)) {
|
|
return false;
|
|
}
|
|
return obj.type === this.type && obj.description === this.description &&
|
|
obj.severity === this.severity && obj.directive === this.directive &&
|
|
obj.value === this.value;
|
|
}
|
|
}
|
|
|
|
|
|
/**
|
|
* Finding severities.
|
|
*/
|
|
export enum Severity {
|
|
HIGH = 10,
|
|
SYNTAX = 20,
|
|
MEDIUM = 30,
|
|
HIGH_MAYBE = 40,
|
|
STRICT_CSP = 45,
|
|
MEDIUM_MAYBE = 50,
|
|
INFO = 60,
|
|
NONE = 100
|
|
}
|
|
|
|
|
|
/**
|
|
* Finding types for evluator checks.
|
|
*/
|
|
export enum Type {
|
|
// Parser checks
|
|
MISSING_SEMICOLON = 100,
|
|
UNKNOWN_DIRECTIVE,
|
|
INVALID_KEYWORD,
|
|
NONCE_CHARSET = 106,
|
|
|
|
// Security cheks
|
|
MISSING_DIRECTIVES = 300,
|
|
SCRIPT_UNSAFE_INLINE,
|
|
SCRIPT_UNSAFE_EVAL,
|
|
PLAIN_URL_SCHEMES,
|
|
PLAIN_WILDCARD,
|
|
SCRIPT_ALLOWLIST_BYPASS,
|
|
OBJECT_ALLOWLIST_BYPASS,
|
|
NONCE_LENGTH,
|
|
IP_SOURCE,
|
|
DEPRECATED_DIRECTIVE,
|
|
SRC_HTTP,
|
|
|
|
// Strict dynamic and backward compatibility checks
|
|
STRICT_DYNAMIC = 400,
|
|
STRICT_DYNAMIC_NOT_STANDALONE,
|
|
NONCE_HASH,
|
|
UNSAFE_INLINE_FALLBACK,
|
|
ALLOWLIST_FALLBACK,
|
|
IGNORED,
|
|
|
|
// Trusted Types checks
|
|
REQUIRE_TRUSTED_TYPES_FOR_SCRIPTS = 500,
|
|
|
|
// Lighthouse checks
|
|
REPORTING_DESTINATION_MISSING = 600,
|
|
REPORT_TO_ONLY,
|
|
}
|