check COOP headers for multiple endpoints

and improve some error reporting in the checkup RPC
pull/1/head
ansuz 4 years ago
parent 899eef1ee8
commit 3b44c09bc4

@ -64,7 +64,7 @@ server {
add_header Permissions-Policy interest-cohort=();
set $coop '';
if ($uri ~ ^\/(sheet|presentation|doc)\/.*$) { set $coop 'same-origin'; }
if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
# Enable SharedArrayBuffer in Firefox (for .xlsx export)
add_header Cross-Origin-Resource-Policy cross-origin;

@ -90,7 +90,7 @@ var setHeaders = (function () {
return function (req, res) {
// apply a bunch of cross-origin headers for XLSX export in FF and printing elsewhere
applyHeaderMap(res, {
"Cross-Origin-Opener-Policy": /^\/sheet\//.test(req.url)? 'same-origin': '',
"Cross-Origin-Opener-Policy": /^\/(sheet|presentation|doc|convert)\//.test(req.url)? 'same-origin': '',
});
if (Env.NO_SANDBOX) { // handles correct configuration for local development

@ -732,6 +732,36 @@ define([
cb(isHTTPS(trimmedUnsafe) && isHTTPS(trimmedSafe));
});
[
'sheet',
'presentation',
'doc',
'convert',
].forEach(function (url) {
assert(function (cb, msg) {
var header = 'cross-origin-opener-policy';
var expected = 'same-origin';
deferredPostMessage({
command: 'GET_HEADER',
content: {
url: '/' + url + '/',
header: header,
}
}, function (content) {
msg.appendChild(h('span', [
code(url),
' was served without the correct ',
code(header),
' HTTP header value (',
code(expected),
'). This will interfere with your ability to convert between office file formats.'
]));
cb(content === expected);
});
});
});
/*
assert(function (cb, msg) {
setWarningClass(msg);

@ -27,12 +27,14 @@ define([
};
window.addEventListener("message", function (event) {
var txid, command;
if (event && event.data) {
try {
//console.log(JSON.parse(event.data));
var msg = JSON.parse(event.data);
var command = msg.command;
var txid = msg.txid;
command = msg.command;
txid = msg.txid;
if (!txid) { return; }
COMMANDS[command](msg.content, function (response) {
// postMessage with same txid
postMessage({
@ -41,7 +43,11 @@ define([
});
});
} catch (err) {
console.error(err);
postMessage({
txid: txid,
content: err,
});
console.error(err, command);
}
} else {
console.error(event);

Loading…
Cancel
Save