web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix default CSP headers

Browse Source
This commit is contained in:
ansuz 2020-02-28 10:46:44 -05:00
parent 8d509fd6d5
commit 3cf09924ae
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/defaults.js
View File

@ -1,7 +1,9 @@
var Default = module.exports; var Default = module.exports;
Default.commonCSP = function (domain) { Default.commonCSP = function (domain) {
domain = ' ' + domain;
// Content-Security-Policy // Content-Security-Policy
return [ return [
"default-src 'none'", "default-src 'none'",
"style-src 'unsafe-inline' 'self' " + domain, "style-src 'unsafe-inline' 'self' " + domain,
@ -34,11 +36,11 @@ Default.commonCSP = function (domain) {
}; };
Default.contentSecurity = function (domain) { Default.contentSecurity = function (domain) {
return Default.commonCSP(domain).join('; ') + "script-src 'self'" + domain; return (Default.commonCSP(domain).join('; ') + "script-src 'self' " + domain).replace(/\s+/g, ' ');
}; };
Default.padContentSecurity = function (domain) { Default.padContentSecurity = function (domain) {
return Default.commonCSP(domain).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain; return (Default.commonCSP(domain).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline' " + domain).replace(/\s+/g, ' ');
}; };
Default.httpHeaders = function () { Default.httpHeaders = function () {