Made pad2 server more generic and easy to implement

2017-08-17 15:41:04 +02:00
parent e04c0b89a1
commit ad9f2ff223
6 changed files with 46 additions and 25 deletions
--- a/server.js
+++ b/server.js
@@ -38,7 +38,8 @@ var setHeaders = (function () {
        if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
            // backward compat for those who do not merge the new version of the config
            // when updating. This prevents endless spinner if someone clicks donate.
-            headers['Content-Security-Policy'] += "frame-ancestors 'self' accounts.cryptpad.fr;";
+            // It also fixes the cross-domain iframe.
+            headers['Content-Security-Policy'] += "frame-ancestors *;";
        }
    }
    const padHeaders = clone(headers);
@@ -47,7 +48,7 @@ var setHeaders = (function () {
    }
    if (Object.keys(headers).length) {
        return function (req, res) {
-            const h = /^\/pad\/inner\.html.*/.test(req.url) ? padHeaders : headers;
+            const h = /^\/pad(2)?\/inner\.html.*/.test(req.url) ? padHeaders : headers;
            for (let header in h) { res.setHeader(header, h[header]); }
        };
    }
@@ -124,18 +125,29 @@ if (config.privKeyAndCertFiles) {
 app.get('/api/config', function(req, res){
    var host = req.headers.host.replace(/\:[0-9]+/, '');
    res.setHeader('Content-Type', 'text/javascript');
-    res.send('define(' + JSON.stringify({
-        requireConf: {
-            waitSeconds: 60,
-            urlArgs: 'ver=' + Package.version + (DEV_MODE? '-' + (+new Date()): ''),
-        },
-        removeDonateButton: (config.removeDonateButton === true),
-        allowSubscriptions: (config.allowSubscriptions === true),
-
-        websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
-        websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
-            websocketPort + '/cryptpad_websocket',
-    }) + ');');
+    res.send('define(function(){\n' + [
+        'var obj = ' + JSON.stringify({
+            requireConf: {
+                waitSeconds: 60,
+                urlArgs: 'ver=' + Package.version + (DEV_MODE? '-' + (+new Date()): ''),
+            },
+            removeDonateButton: (config.removeDonateButton === true),
+            allowSubscriptions: (config.allowSubscriptions === true),
+            websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
+            websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
+                websocketPort + '/cryptpad_websocket',
+        }, null, '\t'),
+        'obj.httpSafeOrigin = ' + (function () {
+            if (config.httpSafeOrigin) { return config.httpSafeOrigin; }
+            if (config.httpSafePort) {
+                return "(function () { return window.location.origin.replace(/\:[0-9]+$/, ':" +
+                    config.httpSafePort + "'); }())";
+            }
+            return 'window.location.origin';
+        }()),
+        'return obj',
+        '});'
+    ].join(';\n'));
 });

 var httpServer = httpsOpts ? Https.createServer(httpsOpts, app) : Http.createServer(app);
@@ -149,7 +161,9 @@ httpServer.listen(config.httpPort,config.httpAddress,function(){

    console.log('\n[%s] server available http://%s%s', new Date().toISOString(), hostName, ps);
 });
-Http.createServer(app).listen(config.httpPort+1, config.httpAddress);
+if (config.httpSafePort) {
+    Http.createServer(app).listen(config.httpSafePort, config.httpAddress);
+}

 var wsConfig = { server: httpServer };