Merge pull request #8 from YunoHost-Apps/main

Support for chrome secure bypass
2024-09-03 18:16:07 +02:00 · 2023-04-18 10:27:14 +02:00 · 2023-04-18 10:27:14 +02:00 · b0429990ad
commit b0429990ad
parent 7440ee2077 641bc56135
9 changed files with 53 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo
 - Two engines: a lightweight and one based on chrome to support websites running javascript
-**Shipped version:** 1.0~ynh2
+**Shipped version:** 1.1.11~ynh1
 ## Screenshots
--- a/README_fr.md
+++ b/README_fr.md
@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo
 - Two engines: a lightweight and one based on chrome to support websites running javascript
-**Version incluse :** 1.0~ynh2
+**Version incluse :** 1.1.11~ynh1
 ## Captures d’écran
--- a/conf/.env
+++ b/conf/.env
@ -3,3 +3,4 @@ CACP_REDIRECT_HOST=https://__DOMAIN__
 CACP_REDIRECT_PATH=__PATH_URL__
 CACP_DEBUG=FALSE
 CACP_LOG=FALSE
 CACP_BYPASS_SANDBOX=__BYPASS_SANDBOX__
--- a/conf/amd64.src
+++ b/conf/amd64.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.4/cookie-aware-cors-proxy.tgz
+SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.11/cookie-aware-cors-proxy.tgz
-SOURCE_SUM=c56ca989233d4d2f3a2304ec96d979445f97232c8be63d5910d819af66f83ab9
+SOURCE_SUM=93a2564a9d244c0087a8103f68be31ef48d592180f37dd3e496feb438cc7e1c8
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -32,7 +32,8 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+# We need to allow priviledged to enable chromium access to gpu
 SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
        "en": "An advanced https proxy allowing you to call other websites from your own web application.",
        "fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web."
    },
-    "version": "1.0~ynh2",
+    "version": "1.1.11~ynh1",
    "url": "https://github.com/gcollin/cookie-aware-cors-proxy",
    "upstream": {
        "license": "MIT",
--- a/scripts/change_url
+++ b/scripts/change_url
@ -29,6 +29,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 install_chromium=$(ynh_app_setting_get --app=$app --key=install_chromium)
 #=================================================
 # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
@ -109,6 +110,20 @@ ynh_script_progression --message="Updating .env configuration..."
 ynh_backup_if_checksum_is_different --file="$final_path/.env"
 domain=$new_domain
 path_url=$new_path
 # We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore
 kernel_release=$(uname -r)
 if [[ $kernel_release == 5.* ]]
 then
  bypass_sandbox="TRUE"
  if [ $install_chromium -eq 1 ]
  then
    ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
  fi
 else
  bypass_sandbox="FALSE"
 fi
 ynh_add_config --template=".env" --destination="$final_path/.env"
 # FIXME: this should be handled by the core in the future
--- a/scripts/install
+++ b/scripts/install
@ -208,6 +208,19 @@ ynh_add_nginx_config
 #=================================================
 ynh_script_progression --message="Adding a configuration file..." --weight=1
 # We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore
 kernel_release=$(uname -r)
 if [[ $kernel_release == 5.* ]]
 then
  bypass_sandbox="TRUE"
  if [ $install_chromium -eq 1 ]
  then
    ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
  fi
 else
  bypass_sandbox="FALSE"
 fi
 ynh_add_config --template=".env" --destination="$final_path/.env"
 # FIXME: this should be handled by the core in the future
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -104,7 +104,11 @@ complete_install=false
 # Check if we need to clean up old bad installs
 if [ -f "$final_path/package.json" ]; then
  complete_install=true
-  ynh_secure_remove --file="$final_path/*"
+  ynh_secure_remove --file="$final_path"
  mkdir "$final_path"
  chmod 750 "$final_path"
  chmod -R o-rwx "$final_path"
  chown -R $app:$app "$final_path"
 fi
 #=================================================
@ -188,10 +192,18 @@ ynh_add_nginx_config
 #=================================================
 ynh_script_progression --message="Updating a configuration file..." --weight=1
-### Same as during install
+# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore
-###
+kernel_release=$(uname -r)
-### The file will automatically be backed-up if it's found to be manually modified (because
+if [[ $kernel_release == 5.* ]]
-### ynh_add_config keeps track of the file's checksum)
+then
  bypass_sandbox="TRUE"
  if [ $install_chromium -eq 1 ]
  then
    ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x"
  fi
 else
  bypass_sandbox="FALSE"
 fi
 ynh_add_config --template=".env" --destination="$final_path/.env"