From 6c06db8b9c96d214d75802a4aefb590dc3cd0913 Mon Sep 17 00:00:00 2001
From: Sebastian Serth <Sebastian.Serth@hpi.de>
Date: Sat, 13 Apr 2024 18:31:23 +0200
Subject: [PATCH] Extract Bootstrap's inline SVGs to actual resources

Previously, we were required to allow `data:` URLs for img-src in our CSP, since Bootstrap icons were delivered through this mechanism.
---
 config/webpack/webpack.config.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/config/webpack/webpack.config.js b/config/webpack/webpack.config.js
index c187dcd1..a55e3da7 100644
--- a/config/webpack/webpack.config.js
+++ b/config/webpack/webpack.config.js
@@ -24,6 +24,17 @@ const envConfig = module.exports = {
     },
     module: {
         rules: [
+            // Extract Bootstrap's inline SVGs to actual resources.
+            // This removes the requirement for `data:` URLs in our CSP
+            // See https://getbootstrap.com/docs/5.3/getting-started/webpack/#extracting-svg-files
+            {
+                mimetype: 'image/svg+xml',
+                scheme: 'data',
+                type: 'asset/resource',
+                generator: {
+                    filename: 'icons/[hash].svg'
+                },
+            },
             erb
         ]
     },