// Alias for this module's export object; every default below is attached to it.
var Default = module.exports;
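/**
 * Build the Content-Security-Policy directives shared by every page.
 *
 * The returned array deliberately ends with an empty string: joining it with
 * '; ' leaves a trailing "; " so a caller can append its own `script-src`
 * directive directly after the joined text.
 *
 * @param {string} domain - additional origin(s) to allow next to 'self'.
 *   Surrounding whitespace is ignored; null, undefined or "" adds nothing.
 * @returns {string[]} directives without `script-src`, followed by "".
 */
Default.commonCSP = function (domain) {
    // Normalise the extra origin so it is always separated from the previous
    // source by exactly one space. Plain concatenation fused it with the
    // preceding token (`data:`, `blob:`) whenever the caller omitted a leading
    // space, producing a source expression browsers reject, and rendered a
    // missing argument as the literal text "undefined".
    var origin = (domain === undefined || domain === null) ? '' : String(domain).trim();
    var extra = origin ? ' ' + origin : '';

    // Content-Security-Policy
    return [
        "default-src 'none'",
        // 'unsafe-inline' permits inline <style> blocks and style attributes.
        "style-src 'unsafe-inline' 'self'" + extra,
        "font-src 'self' data:" + extra,

        /*  child-src is used to restrict iframes to a set of allowed domains.
         *  connect-src is used to restrict what domains can connect to the websocket.
         *
         *  it is recommended that you configure these fields to match the
         *  domain which will serve your CryptPad instance.
         *
         *  As shipped, `*` lets pages embed frames from any origin.
         */
        "child-src blob: *",
        // IE/Edge
        "frame-src blob: *",

        /*  this allows connections over secure or insecure websockets.
         *  The bare `ws:` and `wss:` scheme sources match every host, so if you
         *  are deploying to production you'll probably want to remove `ws:` and
         *  replace `wss:` with the websocket origin of your own domain.
         */
        "connect-src 'self' ws: wss: blob:" + extra,

        // data: is used by codemirror
        "img-src 'self' data: blob:" + extra,
        "media-src * blob:",

        // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
        // NOTE(review): `*` lets any site frame these pages, so this policy gives
        // no clickjacking protection; restrict it to the known embedding origins
        // if your deployment allows.
        "frame-ancestors *",
        ""
    ];
};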
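/**
 * Assemble the Content-Security-Policy header value for regular pages:
 * the shared directives plus a `script-src` limited to 'self' and `domain`.
 *
 * @param {string} domain - additional origin(s) allowed to serve scripts.
 *   Surrounding whitespace is ignored; null, undefined or "" adds nothing.
 * @returns {string} the complete header value.
 */
Default.contentSecurity = function (domain) {
    // Keep the origin one space away from 'self'; direct concatenation fused
    // the two into a single invalid source when the caller passed the origin
    // without a leading space, which left script-src matching nothing.
    var origin = (domain === undefined || domain === null) ? '' : String(domain).trim();
    var extra = origin ? ' ' + origin : '';

    // commonCSP ends with an empty element, so the joined text already
    // finishes with "; " and script-src can be appended as-is.
    return Default.commonCSP(domain).join('; ') + "script-src 'self'" + extra;
};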
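/**
 * Assemble the Content-Security-Policy header value for pad pages: the shared
 * directives plus a relaxed `script-src`.
 *
 * 'unsafe-eval' and 'unsafe-inline' allow eval-style code generation and
 * inline scripts, which removes most of the script-injection protection that
 * script-src otherwise provides.
 * NOTE(review): presumably the pad editors depend on both keywords; confirm,
 * and serve this policy only on the routes that need it.
 *
 * @param {string} domain - additional origin(s) allowed to serve scripts.
 *   Surrounding whitespace is ignored; null, undefined or "" adds nothing.
 * @returns {string} the complete header value.
 */
Default.padContentSecurity = function (domain) {
    // Keep the origin one space away from the last keyword; direct
    // concatenation fused it with 'unsafe-inline' into one invalid source
    // when the caller passed the origin without a leading space.
    var origin = (domain === undefined || domain === null) ? '' : String(domain).trim();
    var extra = origin ? ' ' + origin : '';

    // commonCSP ends with an empty element, so the joined text already
    // finishes with "; " and script-src can be appended as-is.
    return Default.commonCSP(domain).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + extra;
};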
/**
 * Default HTTP response headers, returned as a fresh object on every call.
 *
 * @returns {Object<string, string>} header name to header value.
 */
Default.httpHeaders = function () {
    var headers = {};

    // Legacy XSS-auditor switch. NOTE(review): current browsers have dropped
    // the auditor, so the Content-Security-Policy is the effective control.
    headers["X-XSS-Protection"] = "1; mode=block";

    // Stops browsers from guessing a content type other than the declared one.
    headers["X-Content-Type-Options"] = "nosniff";

    // Any origin may read responses carrying this header.
    // NOTE(review): confirm that nothing served with these defaults relies on
    // the same-origin policy to stay private.
    headers["Access-Control-Allow-Origin"] = "*";

    return headers;
};
/**
 * Names of the main pages, returned as a new array on every call.
 *
 * @returns {string[]} page names in their original order.
 */
Default.mainPages = function () {
    var pages = [];
    pages.push(
        'index',
        'privacy',
        'terms',
        'about',
        'contact',
        'what-is-cryptpad',
        'features',
        'faq',
        'maintenance'
    );
    return pages;
};