fleet/frontend/templates/react.ejs

<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8" />
    <meta name="robots" content="noindex" />
    <meta name="viewport" content="width=768" id="viewport-meta-tag" />
    <meta property="csp-nonce" content="{{.CSPNonce}}" />

    <script nonce="{{.CSPNonce}}">
      // If URL contains /device/, set mobile-friendly viewport
      if (window.location.pathname.includes("/device/")) {
        document
          .getElementById("viewport-meta-tag")
          .setAttribute("content", "width=device-width, initial-scale=1.0");
      }
    </script>

    <link
      rel="stylesheet"
      type="text/css"
      href="{{.URLPrefix}}<%= htmlWebpackPlugin.files.css[0] %>"
    />
    <link rel="shortcut icon" href="{{.URLPrefix}}/assets/favicon.ico" />

    <title>Fleet</title>
    <script type="text/javascript" nonce="{{.CSPNonce}}}">
      var urlPrefix = "{{.URLPrefix}}";
    </script>
  </head>
  <body>
    <div id="app"></div>
    <script
      async
      defer
      nonce="{{.CSPNonce}}"
      src="{{.URLPrefix}}<%= htmlWebpackPlugin.files.js[0] %>"
    ></script>
  </body>
</html>
React Base (#61) * Add sensible React base to the app for frontend This PR attempts to "reactify" Kolide and provide a sane development environment that a front-end engineer would probably expect. This PR accomplishes by doing the following: 1. Reorganizes the app into a `server/` and `client/` folders to keep golang logic separated from react logic. 2. Adds an "asset pipeline" via webpack which knows how to build a js and css bundle. 3. Packages up all static assets in a go-bindata file so that the binary remains portable without external file dependencies. 1. Add a Makefile with several targets that will be common in everyday development. For example, we have `serve` target which spins up a nodejs reverse proxy on port 8081 which then watches for changed files, automatically rebuilds the app, and hot loads the new JS/CSS in. Note: Please use `make` to build the app, not `go build` as there are now several things that need to be orchestrated beyond the go code to build the app. * Create build if it doesn't exist, and use `go get` * Improve README to reflect new dev workflow * Document css vars and funcs and use alias paths * makefile and structure modifications 2016-08-10 05:15:44 +00:00			`<!DOCTYPE html>`
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661 2019-10-16 23:40:45 +00:00			`<html>`
React Base (#61) * Add sensible React base to the app for frontend This PR attempts to "reactify" Kolide and provide a sane development environment that a front-end engineer would probably expect. This PR accomplishes by doing the following: 1. Reorganizes the app into a `server/` and `client/` folders to keep golang logic separated from react logic. 2. Adds an "asset pipeline" via webpack which knows how to build a js and css bundle. 3. Packages up all static assets in a go-bindata file so that the binary remains portable without external file dependencies. 1. Add a Makefile with several targets that will be common in everyday development. For example, we have `serve` target which spins up a nodejs reverse proxy on port 8081 which then watches for changed files, automatically rebuilds the app, and hot loads the new JS/CSS in. Note: Please use `make` to build the app, not `go build` as there are now several things that need to be orchestrated beyond the go code to build the app. * Create build if it doesn't exist, and use `go get` * Improve README to reflect new dev workflow * Document css vars and funcs and use alias paths * makefile and structure modifications 2016-08-10 05:15:44 +00:00			`<head>`
Remove unnecessary code from react template, add condition to swap viewport for mobile-friendly URLs (#37152) 2025-12-12 17:40:27 +00:00			`<meta charset="UTF-8" />`
			`<meta name="robots" content="noindex" />`
			`<meta name="viewport" content="width=768" id="viewport-meta-tag" />`
Add CSP to fleet(currently disabled - needs frontend work) (#41395) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #40538 This is the initial iteration of CSP functionality, currently gated behind FLEET_SERVER_ENABLE_CSP. If disabled, no CSP is served. Nonces are still injected into pages however a dummy nonce is used and has no effect. With this setting turned on things break and will be addressed by mainly frontend changes in https://github.com/fleetdm/fleet/issues/41577 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> 2026-03-12 22:06:54 +00:00			`<meta property="csp-nonce" content="{{.CSPNonce}}" />`
add pendo to sandbox instances (#9191) relates to https://github.com/fleetdm/fleet/issues/9022 add pendo to sandboxes instances - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Manual QA for all new/changed functionality 2023-01-06 14:57:32 +00:00
Add CSP to fleet(currently disabled - needs frontend work) (#41395) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #40538 This is the initial iteration of CSP functionality, currently gated behind FLEET_SERVER_ENABLE_CSP. If disabled, no CSP is served. Nonces are still injected into pages however a dummy nonce is used and has no effect. With this setting turned on things break and will be addressed by mainly frontend changes in https://github.com/fleetdm/fleet/issues/41577 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> 2026-03-12 22:06:54 +00:00			`<script nonce="{{.CSPNonce}}">`
Remove unnecessary code from react template, add condition to swap viewport for mobile-friendly URLs (#37152) 2025-12-12 17:40:27 +00:00			`// If URL contains /device/, set mobile-friendly viewport`
			`if (window.location.pathname.includes("/device/")) {`
			`document`
			`.getElementById("viewport-meta-tag")`
			`.setAttribute("content", "width=device-width, initial-scale=1.0");`
			`}`
add pendo to sandbox instances (#9191) relates to https://github.com/fleetdm/fleet/issues/9022 add pendo to sandboxes instances - [x] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [x] Manual QA for all new/changed functionality 2023-01-06 14:57:32 +00:00			`</script>`
add google analytics to sandbox instances (#6941) * add google analytics to sandbox instances * Add serverType variable to frontend handler * update version of html-webpack-plugin Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> 2022-08-01 10:27:12 +00:00
			`<link`
			`rel="stylesheet"`
			`type="text/css"`
			`href="{{.URLPrefix}}<%= htmlWebpackPlugin.files.css[0] %>"`
			`/>`
			`<link rel="shortcut icon" href="{{.URLPrefix}}/assets/favicon.ico" />`
Favicons (#778) * Adding in favicons * Helps if i add the images * Updating apple icon names 2017-01-06 17:28:34 +00:00
Fleet UI: Update page titles (#15983) 2024-01-12 14:27:56 +00:00			`<title>Fleet</title>`
Add CSP to fleet(currently disabled - needs frontend work) (#41395) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #40538 This is the initial iteration of CSP functionality, currently gated behind FLEET_SERVER_ENABLE_CSP. If disabled, no CSP is served. Nonces are still injected into pages however a dummy nonce is used and has no effect. With this setting turned on things break and will be addressed by mainly frontend changes in https://github.com/fleetdm/fleet/issues/41577 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> 2026-03-12 22:06:54 +00:00			`<script type="text/javascript" nonce="{{.CSPNonce}}}">`
add google analytics to sandbox instances (#6941) * add google analytics to sandbox instances * Add serverType variable to frontend handler * update version of html-webpack-plugin Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> 2022-08-01 10:27:12 +00:00			`var urlPrefix = "{{.URLPrefix}}";`
Add ability to prefix Fleet URLs (#2112) - Add the server_url_prefix flag for configuring this functionality - Add prefix handling to the server routes - Refactor JS to use appropriate paths from modules - Use JS template to get URL prefix into JS environment - Update webpack config to support prefixing Thanks to securityonion.net for sponsoring the development of this feature. Closes #1661 2019-10-16 23:40:45 +00:00			`</script>`
React Base (#61) * Add sensible React base to the app for frontend This PR attempts to "reactify" Kolide and provide a sane development environment that a front-end engineer would probably expect. This PR accomplishes by doing the following: 1. Reorganizes the app into a `server/` and `client/` folders to keep golang logic separated from react logic. 2. Adds an "asset pipeline" via webpack which knows how to build a js and css bundle. 3. Packages up all static assets in a go-bindata file so that the binary remains portable without external file dependencies. 1. Add a Makefile with several targets that will be common in everyday development. For example, we have `serve` target which spins up a nodejs reverse proxy on port 8081 which then watches for changed files, automatically rebuilds the app, and hot loads the new JS/CSS in. Note: Please use `make` to build the app, not `go build` as there are now several things that need to be orchestrated beyond the go code to build the app. * Create build if it doesn't exist, and use `go get` * Improve README to reflect new dev workflow * Document css vars and funcs and use alias paths * makefile and structure modifications 2016-08-10 05:15:44 +00:00			`</head>`
			`<body>`
			`<div id="app"></div>`
add google analytics to sandbox instances (#6941) * add google analytics to sandbox instances * Add serverType variable to frontend handler * update version of html-webpack-plugin Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> 2022-08-01 10:27:12 +00:00			`<script`
			`async`
			`defer`
Add CSP to fleet(currently disabled - needs frontend work) (#41395) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> Related issue: Resolves #40538 This is the initial iteration of CSP functionality, currently gated behind FLEET_SERVER_ENABLE_CSP. If disabled, no CSP is served. Nonces are still injected into pages however a dummy nonce is used and has no effect. With this setting turned on things break and will be addressed by mainly frontend changes in https://github.com/fleetdm/fleet/issues/41577 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [x] QA'd all new/changed functionality manually --------- Co-authored-by: Gabriel Hernandez <ghernandez345@gmail.com> 2026-03-12 22:06:54 +00:00			`nonce="{{.CSPNonce}}"`
add google analytics to sandbox instances (#6941) * add google analytics to sandbox instances * Add serverType variable to frontend handler * update version of html-webpack-plugin Co-authored-by: Lucas Rodriguez <lucas@fleetdm.com> 2022-08-01 10:27:12 +00:00			`src="{{.URLPrefix}}<%= htmlWebpackPlugin.files.js[0] %>"`
			`></script>`
React Base (#61) * Add sensible React base to the app for frontend This PR attempts to "reactify" Kolide and provide a sane development environment that a front-end engineer would probably expect. This PR accomplishes by doing the following: 1. Reorganizes the app into a `server/` and `client/` folders to keep golang logic separated from react logic. 2. Adds an "asset pipeline" via webpack which knows how to build a js and css bundle. 3. Packages up all static assets in a go-bindata file so that the binary remains portable without external file dependencies. 1. Add a Makefile with several targets that will be common in everyday development. For example, we have `serve` target which spins up a nodejs reverse proxy on port 8081 which then watches for changed files, automatically rebuilds the app, and hot loads the new JS/CSS in. Note: Please use `make` to build the app, not `go build` as there are now several things that need to be orchestrated beyond the go code to build the app. * Create build if it doesn't exist, and use `go get` * Improve README to reflect new dev workflow * Document css vars and funcs and use alias paths * makefile and structure modifications 2016-08-10 05:15:44 +00:00			`</body>`
			`</html>`