make wss CSP headers configurable again
parent
40bac1df55
commit
0fe62f8c75
|
@ -25,6 +25,11 @@ module.exports = {
|
|||
*/
|
||||
//websocketPort: 3000,
|
||||
|
||||
/* If Cryptpad is proxied without using https, the server needs to know.
|
||||
* Specify 'useSecureWebsockets: true' so that it can send
|
||||
* Content Security Policy Headers that prevent http and https from mixing
|
||||
*/
|
||||
useSecureWebsockets: false,
|
||||
|
||||
/* Cryptpad can log activity to stdout
|
||||
* This may be useful for debugging
|
||||
|
|
|
@ -24,7 +24,7 @@ app.use(function (req, res, next) {
|
|||
if (config.websocketPort) {
|
||||
host = host.replace(/\:[0-9]+/, ':' + config.websocketPort);
|
||||
}
|
||||
var proto = httpsOpts ? 'wss://' : 'ws://';
|
||||
var proto = (httpsOpts || config.useSecureWebsockets) ? 'wss://' : 'ws://';
|
||||
res.setHeader('Content-Security-Policy', [
|
||||
"default-src 'none'",
|
||||
"style-src 'unsafe-inline' 'self'",
|
||||
|
|
Loading…
Reference in New Issue