wip csp issue

pull/1/head
ansuz 5 years ago
parent 2daf759299
commit 3b05d24f10

@ -42,7 +42,7 @@ if (process.env.PACKAGE) {
throw new Error("No 'httpUnsafeOrigin' provided");
}
config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim();
config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim().replace(/\/$/, '');
// fall back to listening on a local address
// if httpAddress is not a string
@ -125,11 +125,14 @@ var setHeaders = (function () {
if (Object.keys(headers).length) {
return function (req, res) {
const h = [
/^\/pad\/inner\.html.*/,
/^\/+pad\/inner\.html.*/,
/^\/common\/onlyoffice\/.*\/index\.html.*/,
/^\/(sheet|ooslide|oodoc)\/inner\.html.*/,
/^\/+(sheet|ooslide|oodoc)\/in.*\.html.*/,
].some((regex) => {
return regex.test(req.url)
if (regex.test('' + req.url)) {
console.log('CSP MATCH: [%s] <= [%s]', regex, req.url);
return true;
}
}) ? padHeaders: headers;
for (let header in h) { res.setHeader(header, h[header]); }
};

@ -31,6 +31,10 @@ define([
ApiConfig.httpSafeOrigin + window.location.pathname + 'inner.html?' +
requireConfig.urlArgs + '#' + encodeURIComponent(JSON.stringify(req)));
console.log(ApiConfig.httpSafeOrigin);
console.error(document.getElementById('sbox-iframe').getAttribute('src'));
// This is a cheap trick to avoid loading sframe-channel in parallel with the
// loading screen setup.
var done = waitFor();

Loading…
Cancel
Save