Merge remote-tracking branch 'origin/4.15-candidate' into 4.15-candidate

master
David Benqué 3 years ago
commit 312d030bef

@ -5,6 +5,7 @@ Default.commonCSP = function (Env) {
var sandbox = Env.httpSafeOrigin; var sandbox = Env.httpSafeOrigin;
sandbox = (sandbox && sandbox !== domain? ' ' + sandbox: ''); sandbox = (sandbox && sandbox !== domain? ' ' + sandbox: '');
// Content-Security-Policy // Content-Security-Policy
var accounts_api = Env.accounts_api? ' ' + Env.accounts_api: '';
return [ return [
"default-src 'none'", "default-src 'none'",
@ -25,7 +26,7 @@ Default.commonCSP = function (Env) {
if you are deploying to production, you'll probably want to remove if you are deploying to production, you'll probably want to remove
the ws://* directive the ws://* directive
*/ */
"connect-src 'self' blob: " + (/^https:/.test(domain)? 'wss:': domain.replace('http://', 'ws://')) + ' ' + domain + sandbox, "connect-src 'self' blob: " + (/^https:/.test(domain)? 'wss:': domain.replace('http://', 'ws://')) + ' ' + domain + sandbox + accounts_api,
// data: is used by codemirror // data: is used by codemirror
"img-src 'self' data: blob:" + domain, "img-src 'self' data: blob:" + domain,

@ -73,6 +73,7 @@ module.exports.create = function (config) {
fileHost: config.fileHost || undefined, fileHost: config.fileHost || undefined,
NO_SANDBOX: NO_SANDBOX, NO_SANDBOX: NO_SANDBOX,
httpSafePort: httpSafePort, httpSafePort: httpSafePort,
accounts_api: config.accounts_api || undefined, // XXX
shouldUpdateNode: !isRecentVersion(), shouldUpdateNode: !isRecentVersion(),

@ -75,6 +75,7 @@ define([
var trimmedSafe = trimSlashes(ApiConfig.httpSafeOrigin); var trimmedSafe = trimSlashes(ApiConfig.httpSafeOrigin);
var trimmedUnsafe = trimSlashes(ApiConfig.httpUnsafeOrigin); var trimmedUnsafe = trimSlashes(ApiConfig.httpUnsafeOrigin);
var fileHost = ApiConfig.fileHost; var fileHost = ApiConfig.fileHost;
var accounts_api = ApiConfig.accounts_api || AppConfig.accounts_api || undefined;
var getAPIPlaceholderPath = function (relative) { var getAPIPlaceholderPath = function (relative) {
var absolute; var absolute;
@ -986,7 +987,7 @@ define([
API_URL.origin, API_URL.origin,
isHTTPS(fileHost)? fileHost: undefined, isHTTPS(fileHost)? fileHost: undefined,
// support for cryptpad.fr configuration // support for cryptpad.fr configuration
AppConfig.accounts_api, accounts_api,
![trimmedUnsafe, trimmedSafe].includes(ACCOUNTS_URL)? ACCOUNTS_URL: undefined, ![trimmedUnsafe, trimmedSafe].includes(ACCOUNTS_URL)? ACCOUNTS_URL: undefined,
], ],
@ -1025,7 +1026,7 @@ define([
$sandbox, $sandbox,
API_URL.origin, API_URL.origin,
isHTTPS(fileHost)? fileHost: undefined, isHTTPS(fileHost)? fileHost: undefined,
AppConfig.accounts_api, accounts_api,
![trimmedUnsafe, trimmedSafe].includes(ACCOUNTS_URL)? ACCOUNTS_URL: undefined, ![trimmedUnsafe, trimmedSafe].includes(ACCOUNTS_URL)? ACCOUNTS_URL: undefined,
], ],
'img-src': ["'self'", 'data:', 'blob:', $outer], 'img-src': ["'self'", 'data:', 'blob:', $outer],

Loading…
Cancel
Save