diff --git a/.github/workflows/canister-tests.yml b/.github/workflows/canister-tests.yml
index 0b4348bbd7..b32494cb24 100644
--- a/.github/workflows/canister-tests.yml
+++ b/.github/workflows/canister-tests.yml
@@ -50,7 +50,7 @@ jobs:
 II_FETCH_ROOT_KEY: 0
 II_DUMMY_CAPTCHA: 0
 II_DUMMY_AUTH: 0
- II_INSECURE_REQUESTS: 0
+ II_DEV_CSP: 0
 # No captcha and fetching the root key, used in (our) tests, backend and
 # e2e.
@@ -58,7 +58,7 @@ jobs:
 II_FETCH_ROOT_KEY: 1
 II_DUMMY_CAPTCHA: 1
 II_DUMMY_AUTH: 0
- II_INSECURE_REQUESTS: 0
+ II_DEV_CSP: 0
 # Everything disabled, used by third party developers who only care
 # about the login flow
@@ -66,7 +66,7 @@ jobs:
 II_FETCH_ROOT_KEY: 1
 II_DUMMY_CAPTCHA: 1
 II_DUMMY_AUTH: 1
- II_INSECURE_REQUESTS: 1
+ II_DEV_CSP: 1
 steps:
 - uses: actions/checkout@v4
@@ -90,7 +90,7 @@ jobs:
 II_FETCH_ROOT_KEY=${{ matrix.II_FETCH_ROOT_KEY }}
 II_DUMMY_AUTH=${{ matrix.II_DUMMY_AUTH }}
 II_DUMMY_CAPTCHA=${{ matrix.II_DUMMY_CAPTCHA }}
- II_INSECURE_REQUESTS=${{ matrix.II_INSECURE_REQUESTS }}
+ II_DEV_CSP=${{ matrix.II_DEV_CSP }}
 II_VERSION=${{ steps.version.outputs.version }}
 cache-from: type=gha,scope=cached-stage
 # Exports the artefacts from the final stage
@@ -860,7 +860,7 @@ jobs:
 II_FETCH_ROOT_KEY: 1
 II_DUMMY_CAPTCHA: 1
 II_DUMMY_AUTH: 0
- II_INSECURE_REQUESTS: 0
+ II_DEV_CSP: 0
 run: ./scripts/build
 - run: mv internet_identity.wasm.gz internet_identity_test.wasm.gz
diff --git a/Dockerfile b/Dockerfile
index b95f9de410..16d6a77ae6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -88,7 +88,7 @@ ARG II_VERSION=
 ARG II_FETCH_ROOT_KEY=
 ARG II_DUMMY_CAPTCHA=
 ARG II_DUMMY_AUTH=
-ARG II_INSECURE_REQUESTS=
+ARG II_DEV_CSP=
 RUN touch src/*/src/lib.rs
 RUN npm ci
diff --git a/README.md b/README.md
index ba89bba486..d030dd30a6 100644
--- a/README.md
+++ b/README.md
@@ -140,7 +140,7 @@ frontend. -->
 | `II_FETCH_ROOT_KEY` | When enabled, this instructs the frontend code to fetch the "root key" from the replica.
The Internet Computer (https://ic0.app) uses a private key to sign responses. This private key not being available locally, the (local) replica generates its own. This option effectively tells the Internet Identity frontend to fetch the public key from the replica it connects to. When this option is _not_ enabled, the Internet Identity frontend code will use the (hard coded) public key of the Internet Computer. |
 | `II_DUMMY_CAPTCHA` | When enabled, the CAPTCHA challenge (sent by the canister code to the frontend code) is always the known string `"a"`. This is useful for automated testing. |
 | `II_DUMMY_AUTH` | When enabled, the frontend code will use a known, stable private key for registering anchors and authenticating. This means that all anchors will have the same public key(s). In particular this bypasses the WebAuthn flows (TouchID, Windows Hello, etc), which simplifies automated testing. |
-| `II_INSECURE_REQUESTS` | When enabled, the 'upgrade-insecure-requests' directive is removed from the content security policy in order to allow local development with Safari. |
+| `II_DEV_CSP` | When enabled, the content security policy is weakend to allow connections to II using HTTP and allow II to connect to localhost (and subdomains) in order to facilitate local development. |
 ### Flavors
@@ -150,7 +150,7 @@ We offer some pre-built Wasm modules that contain flavors, i.e. sets of features
 | --- | --- | :---: |
 | Production | This is the production build deployed to https://identity.ic0.app. Includes none of the build features. | [💾](https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_production.wasm.gz) |
 | Test | This flavor is used by Internet Identity's test suite. It fully supports authentication but uses a known CAPTCHA value for test automation. Includes the following features:
| [💾](https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_test.wasm.gz) |
-| Development | This flavor contains a version of Internet Identity that effectively performs no checks. It can be useful for external developers who want to integrate Internet Identity in their project and care about the general Internet Identity authentication flow, without wanting to deal with authentication and, in particular, WebAuthentication. Includes the following features:

See the [`using-dev-build`](demos/using-dev-build/README.md) project for an example on how to use this flavor.| [💾](https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_dev.wasm.gz) |
+| Development | This flavor contains a version of Internet Identity that effectively performs no checks. It can be useful for external developers who want to integrate Internet Identity in their project and care about the general Internet Identity authentication flow, without wanting to deal with authentication and, in particular, WebAuthentication. Includes the following features:

See the [`using-dev-build`](demos/using-dev-build/README.md) project for an example on how to use this flavor.| [💾](https://github.com/dfinity/internet-identity/releases/latest/download/internet_identity_dev.wasm.gz) |
 ## Stable Memory Compatibility
diff --git a/scripts/build b/scripts/build
index efad2da09b..413660cfa3 100755
--- a/scripts/build
+++ b/scripts/build
@@ -199,13 +199,12 @@ function build_internet_identity() {
 echo "USING DUMMY CAPTCHA"
 extra_build_args+=( --features dummy_captcha )
 fi
- # This enables the "insecure_requests" feature which disables the content security policy directive
- # 'upgrade-insecure-requests'.
+ # This enables the "dev_csp" feature which weakens the content security policy to facilitate local development.
 # WARNING: this MUST be opt-in, because we DO NOT want this in production.
- if [ "${II_INSECURE_REQUESTS:-}" == "1" ]
+ if [ "${II_DEV_CSP:-}" == "1" ]
 then
- echo "ALLOWING INSECURE REQUESTS"
- extra_build_args+=( --features insecure_requests )
+ echo "USING DEV CONTENT SECURITY POLICY"
+ extra_build_args+=( --features dev_csp )
 fi
 # XXX: for bash > 4.4, empty arrays are considered unset, so do some substitution
 build_canister "internet_identity" ${extra_build_args[@]+"${extra_build_args[@]}"}
diff --git a/scripts/docker-build b/scripts/docker-build
index 4779aa4c37..dfe2414171 100755
--- a/scripts/docker-build
+++ b/scripts/docker-build
@@ -27,7 +27,7 @@ Environment:
 II_FETCH_ROOT_KEY When set to "1", enable the "II_FETCH_ROOT_KEY" feature.
 II_DUMMY_CAPTCHA When set to "1", enable the "II_DUMMY_CAPTCHA" feature.
 II_DUMMY_AUTH When set to "1", enable the "II_DUMMY_AUTH" feature.
- II_INSECURE_REQUESTS When set to "1", enable the "II_INSECURE_REQUESTS" feature.
+ II_DEV_CSP When set to "1", enable the "II_DEV_CSP" feature.
 EOF
 }
@@ -70,7 +70,7 @@ function build() {
 check_feature "fetchrootkey" "II_FETCH_ROOT_KEY"
 check_feature "dummycaptcha" "II_DUMMY_CAPTCHA"
 check_feature "dummyauth" "II_DUMMY_AUTH"
- check_feature "insecurerequests" "II_INSECURE_REQUESTS"
+ check_feature "devcsp" "II_DEV_CSP"
 docker_build_args+=(--tag "$image_name" .)
diff --git a/src/internet_identity/Cargo.toml b/src/internet_identity/Cargo.toml
index fb706b0549..80b38c2e25 100644
--- a/src/internet_identity/Cargo.toml
+++ b/src/internet_identity/Cargo.toml
@@ -59,6 +59,8 @@ ic-response-verification.workspace = true
 # the dummy_captcha feature which ensures the captcha string is always "a"
 # (needed for tests)
 dummy_captcha = []
-# the insecure requests disables removes the 'upgrade-insecure-requests' directive from the CSP in oder to allow local
-# development with Safari.
-insecure_requests = []
+# The dev_csp feature weakens the CSP in oder to facilitate development with a locally deployed II instance.
+# In particular, this allows
+# * accessing II using http instead of https
+# * II to connect to localhost both on http and https, which is useful when developint a vc issuer
+dev_csp = []
diff --git a/src/internet_identity/src/http.rs b/src/internet_identity/src/http.rs
index 1a04a99088..875377d1bd 100644
--- a/src/internet_identity/src/http.rs
+++ b/src/internet_identity/src/http.rs
@@ -181,9 +181,14 @@ fn content_security_policy_header(integrity_hashes: Vec) -> String {
 )
 };
+ let connect_src = "'self' https://identity.internetcomputer.org https://icp-api.io https://*.icp0.io https://*.ic0.app";
+
+ // Allow connecting to localhost, including subdomains, on http and https for local development purposes
+ #[cfg(feature = "dev_csp")]
+ let connect_src = format!("{connect_src} http://localhost:* http://*.localhost:* https://localhost:* https://*.localhost:*");
 let csp = format!(
 "default-src 'none';\
- connect-src 'self' https://identity.internetcomputer.org https://icp-api.io https://*.icp0.io https://*.ic0.app;\
+ connect-src {connect_src};\
 img-src 'self' data:;\
 script-src {strict_dynamic} 'unsafe-inline' 'unsafe-eval' https:;\
 base-uri 'none';\
@@ -193,7 +198,8 @@ fn content_security_policy_header(integrity_hashes: Vec) -> String {
 font-src 'self';\
 frame-ancestors 'none';"
 );
- #[cfg(not(feature = "insecure_requests"))]
+ // for the dev build skip upgrading all connections to II to https
+ #[cfg(not(feature = "dev_csp"))]
 let csp = format!("{csp}upgrade-insecure-requests;");
 csp
 }
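Review bot: Nothing visible in this change pins the production `connect-src`, so a build that accidentally carries `dev_csp` would ship a policy allowing `http://localhost:*` and `http://*.localhost:*` without any test failing. If no such check exists elsewhere, a unit test compiled under `#[cfg(not(feature = "dev_csp"))]` could assert `!csp.contains("localhost")` and `csp.contains("upgrade-insecure-requests;")` on the string returned by `content_security_policy_header`. The function starts before this hunk and ends in the next one, so existing tests may simply not be visible here.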
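Review bot: The new comment above `#[cfg(not(feature = "dev_csp"))]` in the second http.rs hunk describes the dev build, while the attribute and the statement it guards apply to every other build, which makes the pair easy to misread. A wording that matches the guarded line would be `// all builds except dev_csp append upgrade-insecure-requests; the dev build omits it so II can be served over plain http`. The function begins outside this hunk.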