@ -25,6 +25,11 @@ module.exports = {
*/
//websocketPort: 3000,
/* If Cryptpad is proxied without using https, the server needs to know.
* Specify 'useSecureWebsockets: true' so that it can send
* Content Security Policy Headers that prevent http and https from mixing
useSecureWebsockets: false,
/* Cryptpad can log activity to stdout
* This may be useful for debugging
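Review bot: The comment added above `useSecureWebsockets` says "proxied without using https", which reads as if the whole deployment were plain http, while the flag seems intended for the opposite case: a proxy serves https to browsers and forwards plain http to this server. I would reword it along the lines of `If a reverse proxy terminates TLS and forwards plain http to Cryptpad, set 'useSecureWebsockets: true' so the Content-Security-Policy header names wss:// instead of ws://`. It is also worth stating that the flag only changes the scheme written into that header and does not enable TLS on the server. The comment's closing `*/` is not visible in this hunk, so confirm the block is terminated before the `useSecureWebsockets: false,` line; the surrounding `module.exports` object starts and ends outside the hunk.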
@ -24,7 +24,7 @@ app.use(function (req, res, next) {
if (config.websocketPort) {
host = host.replace(/\:[0-9]+/, ':' + config.websocketPort);
}
var proto = httpsOpts ? 'wss://' : 'ws://';
var proto = (httpsOpts || config.useSecureWebsockets) ? 'wss://' : 'ws://';
res.setHeader('Content-Security-Policy', [
"default-src 'none'",
"style-src 'unsafe-inline' 'self'",
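Review bot: The new `proto` line tests `config.useSecureWebsockets` for truthiness, so a quoted value such as `'false'` in the config file would silently switch the Content-Security-Policy to `wss://`. Comparing against the boolean keeps it to the value the sample config documents: `var proto = (httpsOpts || config.useSecureWebsockets === true) ? 'wss://' : 'ws://';`. A one-line comment above it would also help the next reader, for example `// httpsOpts covers TLS served by this process; useSecureWebsockets covers TLS terminated by a proxy in front of it`, assuming that is what `httpsOpts` means, since its definition is outside the hunk. The middleware callback starts before and continues after the lines shown.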