Merge branch 'staging' of github.com:xwiki-labs/cryptpad into staging

yflory
2017-06-15 14:58:24 +02:00
2 changed files with 3 additions and 2 deletions


@@ -33,9 +33,9 @@ module.exports = {
* it is recommended that you configure these fields to match the * it is recommended that you configure these fields to match the
* domain which will serve your CryptPad instance. * domain which will serve your CryptPad instance.
*/ */
"child-src 'self' *", "child-src 'self' blob: *",
"media-src *", "media-src * blob:",
/* this allows connections over secure or insecure websockets /* this allows connections over secure or insecure websockets
if you are deploying to production, you'll probably want to remove if you are deploying to production, you'll probably want to remove
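Review bot: The `blob:` sources added to `child-src` and `media-src` carry no explanation, while the comment directly above tells operators to narrow these fields to their own domain. The CSP `*` wildcard does not match the `blob:` scheme, so an operator who replaces `*` with a hostname could drop `blob:` by accident and presumably break whichever feature relies on blob URLs. I would add a comment on these two lines, for example `// blob: must be listed explicitly; '*' does not cover it`, and name the feature that needs it. With both `*` and `blob:` in `child-src` the directive restricts very little, so the production advice in the following comment should also say to tighten `*` while keeping `blob:`.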


@@ -34,6 +34,7 @@ var setHeaders = (function () {
const headers = clone(config.httpHeaders); const headers = clone(config.httpHeaders);
if (config.contentSecurity) { if (config.contentSecurity) {
headers['Content-Security-Policy'] = clone(config.contentSecurity); headers['Content-Security-Policy'] = clone(config.contentSecurity);
if (!/;$/.test(headers['Content-Security-Policy'])) { headers['Content-Security-Policy'] += ';' }
if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) { if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
// backward compat for those who do not merge the new version of the config // backward compat for those who do not merge the new version of the config
// when updating. This prevents endless spinner if someone clicks donate. // when updating. This prevents endless spinner if someone clicks donate.
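Review bot: The added guard `/;$/` only recognises a policy whose very last character is `;`, so a configured value ending in `; ` or a newline gets a second separator. The type of `config.contentSecurity` is not visible here, and a non-string value would be coerced silently. The separator matters because, without it, anything appended afterwards would be parsed as extra sources of the last configured directive rather than as a directive of its own, which changes the policy without any error. I would tolerate trailing whitespace and terminate the inner statement: `if (!/;\s*$/.test(headers['Content-Security-Policy'])) { headers['Content-Security-Policy'] += ';'; }`, with a one-line comment saying why the terminator is required. The `frame-ancestors` branch that this line presumably protects continues outside the hunk.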