web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

make wss CSP headers configurable again

Browse Source
This commit is contained in:
ansuz 2016-10-12 13:03:36 +02:00
parent 40bac1df55
commit 0fe62f8c75
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
config.js.dist
View File

@ -25,6 +25,11 @@ module.exports = {
*/ */
//websocketPort: 3000, //websocketPort: 3000,
/* If Cryptpad is proxied without using https, the server needs to know.
* Specify 'useSecureWebsockets: true' so that it can send
* Content Security Policy Headers that prevent http and https from mixing
*/
useSecureWebsockets: false,
/* Cryptpad can log activity to stdout /* Cryptpad can log activity to stdout
* This may be useful for debugging * This may be useful for debugging

2
server.js
View File

@ -24,7 +24,7 @@ app.use(function (req, res, next) {
if (config.websocketPort) { if (config.websocketPort) {
host = host.replace(/\:[0-9]+/, ':' + config.websocketPort); host = host.replace(/\:[0-9]+/, ':' + config.websocketPort);
} }
var proto = httpsOpts ? 'wss://' : 'ws://'; var proto = (httpsOpts || config.useSecureWebsockets) ? 'wss://' : 'ws://';
res.setHeader('Content-Security-Policy', [ res.setHeader('Content-Security-Policy', [
"default-src 'none'", "default-src 'none'",
"style-src 'unsafe-inline' 'self'", "style-src 'unsafe-inline' 'self'",