diff --git a/src/Components/HMI/ui/public/js/HMI_API_onboarding_task.json b/src/Components/HMI/ui/public/js/HMI_API_onboarding_task.json
index ed575161b..ed8448479 100644
--- a/src/Components/HMI/ui/public/js/HMI_API_onboarding_task.json
+++ b/src/Components/HMI/ui/public/js/HMI_API_onboarding_task.json
@@ -256,19 +256,23 @@
 },
 {
 "Bird": "Atrapsalta encaustica",
- "description": []
+ "description": ["Atrapuslata encaustica is a bird species found in forested habitats.",
+ "It is known for its distinctive plumage and vocal communication used for territorial signaling."]
 },
 {
 "Bird": "Auscala spinosa",
- "description": []
+ "description": ["Auscala spinosa is a small bird species commonly observed in woodland and shrubland environments.",
+ "It feeds primarily on insects and small invertebrates while moving actively through vegetation."]
 },
 {
 "Bird": "Austrochaperina pluvialis",
- "description": []
+ "description": ["Austrochaperrina pluvialis is a migratory bird associated with wetland and coastal ecosystems.",
+ "It is often seen foraging in shallow water for aquatic insects and small crustaceans."]
 },
 {
 "Bird": "Austronomus australis",
- "description": []
+ "description": ["Austronomus australis is a bird species native to southern regions and open habitats.",
+ "It is known for its strong flight and social flocking behavior during feeding."]
 },
 {
 "Bird": "Aves sp.",
@@ -276,7 +280,8 @@
 },
 {
 "Bird": "Aythya australis",
- "description": []
+ "description": ["Aythya australis, commonly known as the Hardhead duck, is a diving duck native to Australia.",
+ "It inhabits freshwater lakes and wetlands where it feeds on aquatic plants and invertebrates."]
 },
 {
 "Bird": "Barnardius zonarius",
diff --git a/src/Components/HMI/ui/server.js b/src/Components/HMI/ui/server.js
index afb5e62cf..3fc6d14e1 100644
--- a/src/Components/HMI/ui/server.js
+++ b/src/Components/HMI/ui/server.js
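Review bot: Two of the new description strings misspell the species named in the adjacent `"Bird"` key — the text says `Atrapuslata encaustica` for `"Bird": "Atrapsalta encaustica"` and `Austrochaperrina pluvialis` for `"Bird": "Austrochaperina pluvialis"` — so the prose shown to users contradicts the record it belongs to; the first word of each should be `"Atrapsalta encaustica is a bird species found in forested habitats."` and `"Austrochaperina pluvialis is a migratory bird associated with wetland and coastal ecosystems."`. The other three descriptions in this hunk read as generic template sentences ("distinctive plumage", "strong flight"), and Atrapsalta, Austrochaperina and Austronomus appear not to be bird genera at all, so these entries look like placeholder prose rather than verified content; confirming them against the source the project uses for species data would avoid shipping inaccurate text. The Aythya australis entry in the second hunk is consistent with its key.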
@@ -99,8 +99,100 @@ app.get('/api/users/:id/status', isAdmin, async (req, res) => { } }); // Use helmet middleware to set security headers - -// app.use(helmet()); +app.use( + helmet({ + contentSecurityPolicy: { + useDefaults: true, + directives: { + defaultSrc: ["'self'"], + + scriptSrc: [ + "'self'", + "'unsafe-inline'", + "https://cdn.jsdelivr.net", + "https://cdnjs.cloudflare.com", + "https://code.jquery.com", + "https://kit.fontawesome.com", + "https://www.google.com", + "https://www.gstatic.com", + "https://www.recaptcha.net" + ], + + scriptSrcElem: [ + "'self'", + "'unsafe-inline'", + "https://cdn.jsdelivr.net", + "https://cdnjs.cloudflare.com", + "https://code.jquery.com", + "https://kit.fontawesome.com", + "https://www.google.com", + "https://www.gstatic.com", + "https://www.recaptcha.net" + ], + + scriptSrcAttr: ["'unsafe-inline'"], + + styleSrc: [ + "'self'", + "'unsafe-inline'", + "https://cdn.jsdelivr.net", + "https://fonts.googleapis.com", + "https://cdnjs.cloudflare.com" + ], + + styleSrcElem: [ + "'self'", + "'unsafe-inline'", + "https://cdn.jsdelivr.net", + "https://fonts.googleapis.com", + "https://cdnjs.cloudflare.com" + ], + + fontSrc: [ + "'self'", + "https://fonts.gstatic.com", + "https://cdn.jsdelivr.net", + "https://cdnjs.cloudflare.com", + "https://kit.fontawesome.com", + "https://ka-f.fontawesome.com", + "data:" + ], + + imgSrc: [ + "'self'", + "data:", + "blob:", + "https:" + ], + + connectSrc: [ + "'self'", + "ws:", + "wss:", + "http://localhost:8080", + "http://localhost:9000", + "http://localhost:8000", + "https://cdn.jsdelivr.net", + "https://cdnjs.cloudflare.com", + "https://www.google.com", + "https://www.gstatic.com", + "https://www.recaptcha.net", + "https://ka-f.fontawesome.com" + ], + + frameSrc: [ + "'self'", + "https://js.stripe.com", + "https://www.google.com", + "https://www.recaptcha.net" + ], + + objectSrc: ["'none'"], + upgradeInsecureRequests: null + } + } + }) +); // Function to sanitize and normalize file paths // 
function sanitizeFilePath(filePath) { // // Use path.normalize to ensure the path is in normalized form
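Review bot: The new policy keeps `'unsafe-inline'` in scriptSrc, scriptSrcElem and scriptSrcAttr, so an injected inline script or event-handler attribute still executes and this CSP adds little XSS protection over the commented-out `app.use(helmet())` it replaces. A per-request nonce lets the app's own inline `<script>` blocks keep working without `'unsafe-inline'` (helmet accepts `(req, res) => string` directive values; this needs `crypto` from `node:crypto` if the file does not already import it), whereas `scriptSrcAttr: ["'unsafe-inline'"]` cannot be nonced and should go once inline `on*=` handlers are moved to `addEventListener`. The `ws:` and `http://localhost:8080/9000/8000` entries in connectSrc and `upgradeInsecureRequests: null` look like development settings that would ship in the production policy unless gated on the deployment mode, and `imgSrc: "https:"` is effectively an allow-all for images. Whether the pages actually rely on inline scripts, and which environment variable the app already reads for its mode, is not visible from this hunk.
```javascript
// Per-request nonce: only inline scripts carrying this nonce run; injected ones do not.
app.use((req, res, next) => {
  res.locals.cspNonce = crypto.randomBytes(16).toString('base64');
  next();
});

const isProduction = process.env.NODE_ENV === 'production';
// Local dev back-ends must not be reachable from the production policy.
const devConnectSrc = isProduction
  ? []
  : ['ws:', 'http://localhost:8080', 'http://localhost:9000', 'http://localhost:8000'];

app.use(
  helmet({
    contentSecurityPolicy: {
      useDefaults: true,
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: [
          "'self'",
          (req, res) => `'nonce-${res.locals.cspNonce}'`,
          // … unchanged: CDN, jQuery, Font Awesome and reCAPTCHA hosts …
        ],
        scriptSrcElem: [
          "'self'",
          (req, res) => `'nonce-${res.locals.cspNonce}'`,
          // … unchanged: same host list as scriptSrc …
        ],
        // scriptSrcAttr dropped: inline on*= handlers cannot be nonced.
        // … unchanged: styleSrc, styleSrcElem, fontSrc, imgSrc …
        connectSrc: [
          "'self'",
          'wss:',
          ...devConnectSrc,
          // … unchanged: CDN, reCAPTCHA and Font Awesome hosts …
        ],
        // … unchanged: frameSrc, objectSrc …
        upgradeInsecureRequests: isProduction ? [] : null,
      },
    },
  })
);
```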