infra
/
cryptpad
2
1
Fork 0
Code Issues Pull Requests Projects Releases 1 Activity

comment out config lines which break local usage of cryptpad

pull/1/head
ansuz 2017-03-16 15:17:40 +01:00
parent 5ed6223313
commit 3185e2a4cc
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
config.js.dist
View File

@ -37,9 +37,17 @@ module.exports = {
"style-src 'unsafe-inline' 'self'", "style-src 'unsafe-inline' 'self'",
// Unsafe inline, unsafe-eval are needed for ckeditor :( // Unsafe inline, unsafe-eval are needed for ckeditor :(
"script-src 'self' 'unsafe-eval' 'unsafe-inline'", "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
"child-src 'self' cryptpad.fr *.cryptpad.fr",
"font-src 'self'", "font-src 'self'",
"connect-src 'self' wss://cryptpad.fr",
/* child-src is used to restrict iframes to a set of allowed domains.
* connect-src is used to restrict what domains can connect to the websocket.
*
* it is recommended that you configure these fields to match the
* domain which will serve your cryptpad instance.
*/
// "child-src 'self' cryptpad.fr *.cryptpad.fr",
// "connect-src 'self' wss://cryptpad.fr",
// (insecure remote) images are included by users of the wysiwyg who embed photos in their pads // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
"img-src *", "img-src *",
].join('; '), ].join('; '),