make wss CSP headers configurable again

2016-10-12 13:03:36 +02:00 · 2016-10-12 13:03:36 +02:00 · 0fe62f8c75
parent 40bac1df55
commit 0fe62f8c75
2 changed files with 6 additions and 1 deletions
--- a/config.js.dist
+++ b/config.js.dist
@ -25,6 +25,11 @@ module.exports = {
     */
    //websocketPort: 3000,

+    /*  If Cryptpad is proxied without using https, the server needs to know.
+     *  Specify 'useSecureWebsockets: true' so that it can send
+     *  Content Security Policy Headers that prevent http and https from mixing
+     */
+     useSecureWebsockets: false,

    /*  Cryptpad can log activity to stdout
     *  This may be useful for debugging
--- a/server.js
+++ b/server.js
@ -24,7 +24,7 @@ app.use(function (req, res, next) {
    if (config.websocketPort) {
        host = host.replace(/\:[0-9]+/, ':' + config.websocketPort);
    }
-    var proto = httpsOpts ? 'wss://' : 'ws://';
+    var proto = (httpsOpts || config.useSecureWebsockets) ? 'wss://' : 'ws://';
    res.setHeader('Content-Security-Policy', [
        "default-src 'none'",
        "style-src 'unsafe-inline' 'self'",