web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add a semicolon at the end of the CSP if none exists.

Browse Source
This commit is contained in:
Caleb James DeLisle 2017-06-15 14:45:01 +02:00
parent 2a262555ed
commit 7bee2ba27d
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
server.js
View File

@ -34,6 +34,7 @@ var setHeaders = (function () {
const headers = clone(config.httpHeaders); const headers = clone(config.httpHeaders);
if (config.contentSecurity) { if (config.contentSecurity) {
headers['Content-Security-Policy'] = clone(config.contentSecurity); headers['Content-Security-Policy'] = clone(config.contentSecurity);
if (!/;$/.test(headers['Content-Security-Policy'])) { headers['Content-Security-Policy'] += ';' }
if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) { if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
// backward compat for those who do not merge the new version of the config // backward compat for those who do not merge the new version of the config
// when updating. This prevents endless spinner if someone clicks donate. // when updating. This prevents endless spinner if someone clicks donate.