|
| 1 | +<template lang="pug"> |
| 2 | +b-modal(id="cors-config-modal" title="Security & CORS" @show="load" @ok="save" :ok-disabled="loading" size="lg") |
| 3 | + div(v-if="config") |
| 4 | + b-alert(show variant="info" class="mb-4") |
| 5 | + h5.alert-heading Require Restart |
| 6 | + p.mb-0 Changing settings in this section requires stopping and restarting the server for the changes to take effect. |
| 7 | + |
| 8 | + b-form-group(label="Fixed CORS origins" label-cols-md=4 description="Configure general CORS origins with exact matches (e.g. http://localhost:8080). Comma-separated.") |
| 9 | + b-input(v-model="corsStr" type="text" :disabled="isFixed('cors')") |
| 10 | + small.text-warning(v-if="isFixed('cors')") |
| 11 | + | ⚠️ Fixed in <code>config.toml</code>. Settings in the configuration file take precedence and cannot be changed here. |
| 12 | + |
| 13 | + b-form-group(label="Regex CORS origins" label-cols-md=4 description="Configure CORS origins with regular expressions. Useful for browser extensions (e.g. chrome-extension://.* or moz-extension://.*). Comma-separated.") |
| 14 | + b-input(v-model="corsRegexStr" type="text" :disabled="isFixed('cors_regex')") |
| 15 | + small.text-warning(v-if="isFixed('cors_regex')") |
| 16 | + | ⚠️ Fixed in <code>config.toml</code>. Settings in the configuration file take precedence and cannot be changed here. |
| 17 | + |
| 18 | + h5.mt-4 Extensions Shortcuts |
| 19 | + b-form-group(label-cols-md=4) |
| 20 | + b-form-checkbox(v-model="editable.cors_allow_aw_chrome_extension" :disabled="isFixed('cors_allow_aw_chrome_extension')") Allow ActivityWatch extension (Chrome) |
| 21 | + template(#description) |
| 22 | + div Chrome extensions use a stable, persistent ID, so the official extension is reliably supported. |
| 23 | + small.text-warning(v-if="isFixed('cors_allow_aw_chrome_extension')") |
| 24 | + | ⚠️ Fixed in <code>config.toml</code>. Settings in the configuration file take precedence and cannot be changed here. |
| 25 | + |
| 26 | + b-form-group(label-cols-md=4) |
| 27 | + b-form-checkbox(v-model="editable.cors_allow_all_mozilla_extension" :disabled="isFixed('cors_allow_all_mozilla_extension')") Allow all Firefox extensions (DANGEROUS) |
| 28 | + template(#description) |
| 29 | + div Every version of a Mozilla extension has its own ID to avoid fingerprinting. This is why you must either allow all extensions or manually configure your specific ID. |
| 30 | + small.text-warning.mb-2.d-block(v-if="isFixed('cors_allow_all_mozilla_extension')") |
| 31 | + | ⚠️ Fixed in <code>config.toml</code>. Settings in the configuration file take precedence and cannot be changed here. |
| 32 | + div.mt-2.text-danger(v-if="editable.cors_allow_all_mozilla_extension") |
| 33 | + | ⚠️ DANGEROUS: Not recommended for security. If enabled, any installed extension can access your ActivityWatch data. Use this only if you know what extensions you have and assume full responsibility. |
| 34 | + div(v-else) |
| 35 | + | Recommended for security. To allow a specific extension safely: |
| 36 | + ol.mt-2.mb-1 |
| 37 | + li Go to <code>about:debugging#/runtime/this-firefox</code> in your browser. |
| 38 | + li Look for your extension and copy the <b>Manifest URL</b> (e.g. <code>moz-extension://4b931c07dededdedff152/manifest.json</code>). |
| 39 | + li Remove <code>manifest.json</code> from the end (to get <code>moz-extension://4b931c07dededdedff152</code>). |
| 40 | + li Paste it into the <b>Regex CORS origins</b> field above (use a comma to separate if not empty). |
| 41 | + |
| 42 | + div(v-else-if="loading") |
| 43 | + p Loading... |
| 44 | +</template> |
| 45 | + |
| 46 | +<script lang="ts"> |
| 47 | +import { useCorsStore } from '~/stores/cors'; |
| 48 | +import { mapState } from 'pinia'; |
| 49 | +
|
| 50 | +export default { |
| 51 | + name: 'CorsConfigModal', |
| 52 | + data() { |
| 53 | + return { |
| 54 | + editable: { |
| 55 | + cors: [] as string[], |
| 56 | + cors_regex: [] as string[], |
| 57 | + cors_allow_aw_chrome_extension: false, |
| 58 | + cors_allow_all_mozilla_extension: false, |
| 59 | + }, |
| 60 | + corsStr: '', |
| 61 | + corsRegexStr: '', |
| 62 | + corsStore: useCorsStore(), |
| 63 | + }; |
| 64 | + }, |
| 65 | + computed: { |
| 66 | + ...mapState(useCorsStore, ['config', 'loading']), |
| 67 | + }, |
| 68 | + watch: { |
| 69 | + config(newVal) { |
| 70 | + if (newVal) { |
| 71 | + this.editable = JSON.parse(JSON.stringify(newVal)); |
| 72 | + this.corsStr = newVal.cors.join(', '); |
| 73 | + this.corsRegexStr = newVal.cors_regex.join(', '); |
| 74 | + } |
| 75 | + }, |
| 76 | + }, |
| 77 | + methods: { |
| 78 | + isFixed(field: string): boolean { |
| 79 | + return this.config?.in_file?.includes(field) || false; |
| 80 | + }, |
| 81 | + async load() { |
| 82 | + await this.corsStore.load(); |
| 83 | + }, |
| 84 | + async save(bvModalEvt: any) { |
| 85 | + bvModalEvt.preventDefault(); |
| 86 | + |
| 87 | + // Parse comma-separated strings back to arrays |
| 88 | + this.editable.cors = this.corsStr.split(',').map(s => s.trim()).filter(s => s !== ''); |
| 89 | + this.editable.cors_regex = this.corsRegexStr.split(',').map(s => s.trim()).filter(s => s !== ''); |
| 90 | +
|
| 91 | + try { |
| 92 | + await this.corsStore.save(this.editable); |
| 93 | + (this as any).$bvModal.hide('cors-config-modal'); |
| 94 | + alert('CORS configuration saved! Please restart the server to apply changes.'); |
| 95 | + } catch (e: any) { |
| 96 | + alert('Failed to save: ' + e.message); |
| 97 | + } |
| 98 | + }, |
| 99 | + }, |
| 100 | +}; |
| 101 | +</script> |
0 commit comments