tutanota/buildSrc/LaunchHtml.js

global.window = undefined

function getUrls(env) {
	if (env.staticUrl) {
		const staticUrlParts = env.staticUrl.split("//")
		const apiUrl = staticUrlParts[0] + "//*.api." + staticUrlParts[1]
		return env.staticUrl + " ws" + env.staticUrl.substring(4) + " " + apiUrl
	} else {
		return ""
	}
}

/**
 * Renders the initial HTML page to bootstrap Tutanota for different environments
 */
export async function renderHtml(scripts, env) {
	return `<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	${csp(env)}
	<meta name="apple-mobile-web-app-capable" content="yes">
	<meta name="mobile-web-app-capable" content="yes">
	<meta name="referrer" content="no-referrer">
	<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, viewport-fit=cover">
	${scripts.map(renderScriptImport).join("\n\t")}
	<!-- TutanotaTags -->
	<title>Mail. Done. Right. Tutanota Login &amp; Sign up for an Ad-free Mailbox</title>
	<meta name="description" content="Mail. Done. Right. Get a free mail account that does not abuse your emails for advertising. Tutanota is fast, easy, secure and free of ads.">
	<link rel="shortcut icon" type="image/x-icon" href="images/logo-favicon-152.png">
	<meta name="application-name" content="Tutanota">
	<link rel="apple-touch-icon" sizes="152x152" href="images/logo-favicon-152.png">
	<link rel="icon" sizes="192x192" href="/images/logo-favicon-192.png">
	<meta name="twitter:card" content="summary">
	<meta name="twitter:site" content="@TutanotaTeam">
	<meta name="twitter:domain" content="tutanota.com">
	<meta name="twitter:image" content="https://tutanota.com/images/share_image.png">
	<meta property="og:site_name" content="Tutanota">
	<meta property="og:title" content="Secure Emails Become a Breeze">
	<meta property="og:description" content="Get your encrypted mailbox for free and show the Internet spies that you won&amp;#39;t make it easy for them! Why? Because you simply can.">
	<meta property="og:locale" content="en_US">
	<meta property="og:url" content="https://tutanota.com/">
	<meta property="og:image" content="https://tutanota.com/images/share_image.png">
	<meta property="article:publisher" content="https://www.facebook.com/tutanota">
	<meta itemprop="name" content="Secure Emails Become a Breeze.">
	<meta itemprop="description" content="Get your encrypted mailbox for free and show the Internet spies that you won&amp;#39;t make it easy for them! Why? Because you simply can.">
	<meta itemprop="image" content="https://tutanota.com/images/share_image.png">
	<meta name="apple-itunes-app" content="app-id=id922429609, affiliate-data=10lSfb">
</head>
<body style="background-color:transparent">
<noscript>This site requires javascript to be enabled. Please activate it in the settings of your browser.</noscript>
</body>
</html>`
}

function csp(env) {
	if (env.dist) {
		if (env.mode === "App" || env.mode === "Desktop") {
			// differences in comparison to web csp:
			// * Content Security Policies delivered via a <meta> element may not contain the frame-ancestors directive.
			const cspContent = "default-src 'none';"
				+ " script-src 'self';"
				+ " child-src 'self';"
				+ " font-src 'self';"
				+ " img-src http: blob: data: *;"
				+ " style-src 'unsafe-inline';"
				+ "base-uri 'none';"
				+ ` connect-src 'self' ${getUrls(env)} https://tutanota.com;`

			return `<meta http-equiv="Content-Security-Policy" content="${cspContent}">`
		} else {
			return ""
		}
	} else {
		const cspContent = "default-src * 'unsafe-inline' 'unsafe-eval';"
			+ " script-src * 'unsafe-inline' 'unsafe-eval';"
			+ " img-src * data: blob: 'unsafe-inline';"
			+ " media-src * data: blob: 'unsafe-inline';"
			+ " style-src * 'unsafe-inline';"
			+ " frame-src *;"
			+ ` connect-src 'self' 'unsafe-inline' ${getUrls(env)} ws://localhost:9001;`

		return `<meta http-equiv="Content-Security-Policy" content="${cspContent}">`
	}
}

function renderScriptImport({src, type}) {
	const typeString = type ? ` type="${type}"` : ""
	return `<script src="${src}"${typeString} defer></script>`
}
imported new tutanota client 2017-08-15 13:54:22 +02:00			`global.window = undefined`

			`function getUrls(env) {`
			`if (env.staticUrl) {`
fix csp for apps and DesktopClients 2022-04-20 11:00:52 +02:00			`const staticUrlParts = env.staticUrl.split("//")`
			`const apiUrl = staticUrlParts[0] + "//*.api." + staticUrlParts[1]`
			`return env.staticUrl + " ws" + env.staticUrl.substring(4) + " " + apiUrl`
imported new tutanota client 2017-08-15 13:54:22 +02:00			`} else {`
			`return ""`
			`}`
			`}`

			`/**`
			`* Renders the initial HTML page to bootstrap Tutanota for different environments`
			`*/`
Use Rollup & Nollup for build 2019-09-13 13:49:11 +02:00			`export async function renderHtml(scripts, env) {`
[build] Fixes for admin client 1. Change getVersion() in nativeLibraryProvider to handle curious `npm list` behavior. 2. Reorganize rollup plugins so that admin client can import our helper plugins without importing rollup plugins from node_modules. This makes it more resilient when we link against local tutanota-3 (libs hoisted to upper level will not be found across the symlink). 3. Change LaunchHtml to not rely on mithril for the same reason. 2022-03-02 13:49:49 +01:00			return `<!DOCTYPE html>
			`<html>`
			`<head>`
			`<meta charset="utf-8">`
			`${csp(env)}`
			`<meta name="apple-mobile-web-app-capable" content="yes">`
			`<meta name="mobile-web-app-capable" content="yes">`
			`<meta name="referrer" content="no-referrer">`
			`<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, viewport-fit=cover">`
fix index.html generator, fix #3964 * `csp` returns null when in dist+Browser mode, which was ok when we rendered index.html, but isn't anymore when we use a template string * the generator for the script tags was also broken, with mismatched double quotes and rogue commas 2022-03-14 17:52:03 +01:00			`${scripts.map(renderScriptImport).join("\n\t")}`
[build] Fixes for admin client 1. Change getVersion() in nativeLibraryProvider to handle curious `npm list` behavior. 2. Reorganize rollup plugins so that admin client can import our helper plugins without importing rollup plugins from node_modules. This makes it more resilient when we link against local tutanota-3 (libs hoisted to upper level will not be found across the symlink). 3. Change LaunchHtml to not rely on mithril for the same reason. 2022-03-02 13:49:49 +01:00			`<!-- TutanotaTags -->`
			`<title>Mail. Done. Right. Tutanota Login & Sign up for an Ad-free Mailbox</title>`
			`<meta name="description" content="Mail. Done. Right. Get a free mail account that does not abuse your emails for advertising. Tutanota is fast, easy, secure and free of ads.">`
			`<link rel="shortcut icon" type="image/x-icon" href="images/logo-favicon-152.png">`
			`<meta name="application-name" content="Tutanota">`
			`<link rel="apple-touch-icon" sizes="152x152" href="images/logo-favicon-152.png">`
			`<link rel="icon" sizes="192x192" href="/images/logo-favicon-192.png">`
			`<meta name="twitter:card" content="summary">`
			`<meta name="twitter:site" content="@TutanotaTeam">`
			`<meta name="twitter:domain" content="tutanota.com">`
			`<meta name="twitter:image" content="https://tutanota.com/images/share_image.png">`
Change LaunchHtml to generate correct meta tags 2022-07-19 15:45:42 +02:00			`<meta property="og:site_name" content="Tutanota">`
			`<meta property="og:title" content="Secure Emails Become a Breeze">`
			`<meta property="og:description" content="Get your encrypted mailbox for free and show the Internet spies that you won&#39;t make it easy for them! Why? Because you simply can.">`
			`<meta property="og:locale" content="en_US">`
			`<meta property="og:url" content="https://tutanota.com/">`
			`<meta property="og:image" content="https://tutanota.com/images/share_image.png">`
			`<meta property="article:publisher" content="https://www.facebook.com/tutanota">`
[build] Fixes for admin client 1. Change getVersion() in nativeLibraryProvider to handle curious `npm list` behavior. 2. Reorganize rollup plugins so that admin client can import our helper plugins without importing rollup plugins from node_modules. This makes it more resilient when we link against local tutanota-3 (libs hoisted to upper level will not be found across the symlink). 3. Change LaunchHtml to not rely on mithril for the same reason. 2022-03-02 13:49:49 +01:00			`<meta itemprop="name" content="Secure Emails Become a Breeze.">`
			`<meta itemprop="description" content="Get your encrypted mailbox for free and show the Internet spies that you won&#39;t make it easy for them! Why? Because you simply can.">`
			`<meta itemprop="image" content="https://tutanota.com/images/share_image.png">`
			`<meta name="apple-itunes-app" content="app-id=id922429609, affiliate-data=10lSfb">`
			`</head>`
			`<body style="background-color:transparent">`
			`<noscript>This site requires javascript to be enabled. Please activate it in the settings of your browser.</noscript>`
			`</body>`
			</html>`
imported new tutanota client 2017-08-15 13:54:22 +02:00			`}`

[build] Fixes for admin client 1. Change getVersion() in nativeLibraryProvider to handle curious `npm list` behavior. 2. Reorganize rollup plugins so that admin client can import our helper plugins without importing rollup plugins from node_modules. This makes it more resilient when we link against local tutanota-3 (libs hoisted to upper level will not be found across the symlink). 3. Change LaunchHtml to not rely on mithril for the same reason. 2022-03-02 13:49:49 +01:00			`function csp(env) {`
Use Rollup & Nollup for build 2019-09-13 13:49:11 +02:00			`if (env.dist) {`
			`if (env.mode === "App" \|\| env.mode === "Desktop") {`
			`// differences in comparison to web csp:`
			`// * Content Security Policies delivered via a <meta> element may not contain the frame-ancestors directive.`
[build] Fixes for admin client 1. Change getVersion() in nativeLibraryProvider to handle curious `npm list` behavior. 2. Reorganize rollup plugins so that admin client can import our helper plugins without importing rollup plugins from node_modules. This makes it more resilient when we link against local tutanota-3 (libs hoisted to upper level will not be found across the symlink). 3. Change LaunchHtml to not rely on mithril for the same reason. 2022-03-02 13:49:49 +01:00			`const cspContent = "default-src 'none';"`
			`+ " script-src 'self';"`
			`+ " child-src 'self';"`
			`+ " font-src 'self';"`
			`+ " img-src http: blob: data: *;"`
			`+ " style-src 'unsafe-inline';"`
			`+ "base-uri 'none';"`
			+ ` connect-src 'self' ${getUrls(env)} https://tutanota.com;`

			return `<meta http-equiv="Content-Security-Policy" content="${cspContent}">`
Use Rollup & Nollup for build 2019-09-13 13:49:11 +02:00			`} else {`
fix index.html generator, fix #3964 * `csp` returns null when in dist+Browser mode, which was ok when we rendered index.html, but isn't anymore when we use a template string * the generator for the script tags was also broken, with mismatched double quotes and rogue commas 2022-03-14 17:52:03 +01:00			`return ""`
Use Rollup & Nollup for build 2019-09-13 13:49:11 +02:00			`}`
Add noscript message. 2018-07-18 16:07:25 +02:00			`} else {`
[build] Fixes for admin client 1. Change getVersion() in nativeLibraryProvider to handle curious `npm list` behavior. 2. Reorganize rollup plugins so that admin client can import our helper plugins without importing rollup plugins from node_modules. This makes it more resilient when we link against local tutanota-3 (libs hoisted to upper level will not be found across the symlink). 3. Change LaunchHtml to not rely on mithril for the same reason. 2022-03-02 13:49:49 +01:00			`const cspContent = "default-src * 'unsafe-inline' 'unsafe-eval';"`
Use Rollup & Nollup for build 2019-09-13 13:49:11 +02:00			`+ " script-src * 'unsafe-inline' 'unsafe-eval';"`
			`+ " img-src * data: blob: 'unsafe-inline';"`
			`+ " media-src * data: blob: 'unsafe-inline';"`
			`+ " style-src * 'unsafe-inline';"`
[build] Fixes for admin client 1. Change getVersion() in nativeLibraryProvider to handle curious `npm list` behavior. 2. Reorganize rollup plugins so that admin client can import our helper plugins without importing rollup plugins from node_modules. This makes it more resilient when we link against local tutanota-3 (libs hoisted to upper level will not be found across the symlink). 3. Change LaunchHtml to not rely on mithril for the same reason. 2022-03-02 13:49:49 +01:00			`+ " frame-src *;"`
			+ ` connect-src 'self' 'unsafe-inline' ${getUrls(env)} ws://localhost:9001;`

			return `<meta http-equiv="Content-Security-Policy" content="${cspContent}">`
Add noscript message. 2018-07-18 16:07:25 +02:00			`}`
			`}`

[build] Fixes for admin client 1. Change getVersion() in nativeLibraryProvider to handle curious `npm list` behavior. 2. Reorganize rollup plugins so that admin client can import our helper plugins without importing rollup plugins from node_modules. This makes it more resilient when we link against local tutanota-3 (libs hoisted to upper level will not be found across the symlink). 3. Change LaunchHtml to not rely on mithril for the same reason. 2022-03-02 13:49:49 +01:00			`function renderScriptImport({src, type}) {`
[build] fix launch html It was generating broken html files for the browser tests. 2022-05-03 13:38:19 +02:00			const typeString = type ? ` type="${type}"` : ""
fix index.html generator, fix #3964 * `csp` returns null when in dist+Browser mode, which was ok when we rendered index.html, but isn't anymore when we use a template string * the generator for the script tags was also broken, with mismatched double quotes and rogue commas 2022-03-14 17:52:03 +01:00			return `<script src="${src}"${typeString} defer></script>`
Use Rollup & Nollup for build 2019-09-13 13:49:11 +02:00			`}`