Mirrors/stash
1
0
Fork 0
mirror of https://github.com/stashapp/stash.git synced 2025-12-17 20:34:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Plugin assets, external scripts and CSP overrides (#4260)

Browse Source 
* Add assets for plugins
* Move plugin javascript and css into separate endpoints
* Allow loading external scripts
* Add csp overrides
* Only include enabled plugins
* Move URLMap to utils
* Use URLMap for assets
* Add documentation
This commit is contained in:
WithoutPants
2023-11-19 10:41:16 +11:00
committed by GitHub
parent 4dd4c3c658
commit 222475df82
20 changed files with 621 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
ui/v2.5/src/docs/en/Manual/Plugins.md
View File

@@ -43,6 +43,22 @@ ui:
javascript:
- <path to javascript file>
# optional list of assets
assets:
urlPrefix: fsLocation
...
# content-security policy overrides
csp:
script-src:
- http://alloweddomain.com
style-src:
- http://alloweddomain.com
connect-src:
- http://alloweddomain.com
# the following are used for plugin tasks only
exec:
- ...
@@ -56,6 +72,31 @@ The `name`, `description`, `version` and `url` fields are displayed on the plugi
The `exec`, `interface`, `errLog` and `tasks` fields are used only for plugins with tasks.
## UI Configuration
The `css` and `javascript` field values may be relative paths to the plugin configuration file, or
may be full external URLs.
The `assets` field is a map of URL prefixes to filesystem paths relative to the plugin configuration file.
Assets are mounted to the `/plugin/{pluginID}/assets` path.
As an example, for a plugin with id `foo` with the following `assets` value:
```
assets:
foo: bar
root: .
```
The following URLs will be mapped to these locations:
`/plugin/foo/assets/foo/file.txt` -> `{pluginDir}/bar/file.txt`
`/plugin/foo/assets/file.txt` -> `{pluginDir}/file.txt`
`/plugin/foo/assets/bar/file.txt` -> `{pluginDir}/bar/file.txt` (via the `root` entry)
Mappings that try to go outside of the directory containing the plugin configuration file will be
ignored.
The `csp` field contains overrides to the content security policies. The URLs in `script-src`,
`style-src` and `connect-src` will be added to the applicable content security policy.
See [External Plugins](/help/ExternalPlugins.md) for details for making plugins with external tasks.
See [Embedded Plugins](/help/EmbeddedPlugins.md) for details for making plugins with embedded tasks.