check COOP headers for multiple endpoints

and improve some error reporting in the checkup RPC
ansuz 3 years ago
parent 899eef1ee8
commit 3b44c09bc4

@ -64,7 +64,7 @@ server {
add_header Permissions-Policy interest-cohort=(); add_header Permissions-Policy interest-cohort=();
set $coop ''; set $coop '';
if ($uri ~ ^\/(sheet|presentation|doc)\/.*$) { set $coop 'same-origin'; } if ($uri ~ ^\/(sheet|presentation|doc|convert)\/.*$) { set $coop 'same-origin'; }
# Enable SharedArrayBuffer in Firefox (for .xlsx export) # Enable SharedArrayBuffer in Firefox (for .xlsx export)
add_header Cross-Origin-Resource-Policy cross-origin; add_header Cross-Origin-Resource-Policy cross-origin;

@ -90,7 +90,7 @@ var setHeaders = (function () {
return function (req, res) { return function (req, res) {
// apply a bunch of cross-origin headers for XLSX export in FF and printing elsewhere // apply a bunch of cross-origin headers for XLSX export in FF and printing elsewhere
applyHeaderMap(res, { applyHeaderMap(res, {
"Cross-Origin-Opener-Policy": /^\/sheet\//.test(req.url)? 'same-origin': '', "Cross-Origin-Opener-Policy": /^\/(sheet|presentation|doc|convert)\//.test(req.url)? 'same-origin': '',
}); });
if (Env.NO_SANDBOX) { // handles correct configuration for local development if (Env.NO_SANDBOX) { // handles correct configuration for local development
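Review bot: The prefix regex here runs against the raw `req.url`, while the nginx rule in the same commit matches the normalized `$uri`; a percent-encoded target such as `/%73heet/...` therefore misses this test in Node and, if the static handler further down decodes it the way `express.static` does, that page is served without `Cross-Origin-Opener-Policy: same-origin` — worth confirming against the handler that follows. Matching a decoded pathname would close the gap, e.g. `var path = decodeURIComponent(req.url.split('?')[0]);` and testing `/^\/(sheet|presentation|doc|convert)\//.test(path)`, with the decode wrapped in a try/catch because malformed escapes throw a `URIError`. The same prefix list now lives in three places (nginx, this function and the checkup); one module-level constant for the two JavaScript copies would keep them from drifting. `setHeaders` starts above the hunk and its body continues past it.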

@ -732,6 +732,36 @@ define([
cb(isHTTPS(trimmedUnsafe) && isHTTPS(trimmedSafe)); cb(isHTTPS(trimmedUnsafe) && isHTTPS(trimmedSafe));
}); });
[
'sheet',
'presentation',
'doc',
'convert',
].forEach(function (url) {
assert(function (cb, msg) {
var header = 'cross-origin-opener-policy';
var expected = 'same-origin';
deferredPostMessage({
command: 'GET_HEADER',
content: {
url: '/' + url + '/',
header: header,
}
}, function (content) {
msg.appendChild(h('span', [
code(url),
' was served without the correct ',
code(header),
' HTTP header value (',
code(expected),
'). This will interfere with your ability to convert between office file formats.'
]));
cb(content === expected);
});
});
});
/* /*
assert(function (cb, msg) { assert(function (cb, msg) {
setWarningClass(msg); setWarningClass(msg);
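Review bot: The failure text at `cb(content === expected)` always blames the header value, but the new error path in this commit posts an `Error` back as `content` when the `GET_HEADER` round trip itself throws, so an operator cannot tell a missing header from a transport failure; including the received value, e.g. appending `' (got ', code(String(content)), ')'` to the span, would make the two distinguishable. The strict string comparison is the right strictness for a COOP token, so keep it. Note that `same-origin` COOP only unlocks `SharedArrayBuffer` together with `Cross-Origin-Embedder-Policy: require-corp`; if no other assert covers COEP on these same paths — I cannot see one from here — the message's promise about office conversion can pass while exports still fail. The enclosing `define([...])` callback starts and ends outside the hunk.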

@ -27,12 +27,14 @@ define([
}; };
window.addEventListener("message", function (event) { window.addEventListener("message", function (event) {
var txid, command;
if (event && event.data) { if (event && event.data) {
try { try {
//console.log(JSON.parse(event.data)); //console.log(JSON.parse(event.data));
var msg = JSON.parse(event.data); var msg = JSON.parse(event.data);
var command = msg.command; command = msg.command;
var txid = msg.txid; txid = msg.txid;
if (!txid) { return; }
COMMANDS[command](msg.content, function (response) { COMMANDS[command](msg.content, function (response) {
// postMessage with same txid // postMessage with same txid
postMessage({ postMessage({
@ -41,7 +43,11 @@ define([
}); });
}); });
} catch (err) { } catch (err) {
console.error(err); postMessage({
txid: txid,
content: err,
});
console.error(err, command);
} }
} else { } else {
console.error(event); console.error(event);
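Review bot: The new catch posts `content: err` to the peer, but if `postMessage` here serializes with `JSON.stringify` (the receive path parses with `JSON.parse` at the top of this handler, so that seems likely) an `Error` arrives as `{}` because `message` and `stack` are non-enumerable, and the reply carries no flag that lets the peer tell it from a successful response holding an empty object. A plain, explicitly marked payload fixes both, e.g. `content: { error: String(err && err.message || err) }` or an `error: true` sibling next to `content`; avoid shipping `err.stack` across the boundary unless the peer is known to be the same application. When `txid` is still undefined because the parse itself failed, the reply goes out with `txid: undefined` and can never be matched, so wrap the post in `if (txid) { ... }`. No `event.origin` check is visible in either hunk; if none exists elsewhere in this listener, `COMMANDS[command]` is dispatched on any sender's input, and an unknown or inherited name such as `constructor` now surfaces through this catch rather than as an uncaught TypeError, so a `Object.prototype.hasOwnProperty.call(COMMANDS, command)` guard ahead of the call is worth adding.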
