update recommended settings for embedding to permit element desktop

pull/1/head
ansuz 3 years ago
parent 841884c631
commit 404b89eb28

@ -125,8 +125,12 @@ server {
# script-src specifies valid sources for javascript, including inline handlers # script-src specifies valid sources for javascript, including inline handlers
set $scriptSrc "'self' resource: https://${main_domain}"; set $scriptSrc "'self' resource: https://${main_domain}";
# XXX frame-ancestors defines where your cryptpad instance can be embedded... # frame-ancestors specifies which origins can embed your CryptPad instance
set $frameAncestors "https://${main_domain} $https://${sandbox_domain}"; # this must include 'self' and your main domain (over HTTPS) in order for CryptPad to work
# if you have enabled remote embedding via the admin panel then this must be more permissive.
# note: cryptpad.fr permits web pages served via https: and vector: (element desktop app)
set $frameAncestors "'self' https://${main_domain}";
# set $frameAncestors "'self' https: vector:";
set $unsafe 0; set $unsafe 0;
# the following assets are loaded via the sandbox domain # the following assets are loaded via the sandbox domain
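Review bot: The commented-out alternative `# set $frameAncestors "'self' https: vector:";` is built from bare scheme sources, so once an operator uncomments it any page served over HTTPS, and any page loaded under the `vector:` scheme, may frame the instance; the comment above it only says "more permissive", which understates that. I would spell it out on the comment line, e.g. `# note: https: and vector: are scheme-only sources - any HTTPS page (and any Element Desktop view) can then frame this instance; keep this in step with the admin-panel embedding setting`. Separately, the new default `set $frameAncestors "'self' https://${main_domain}";` no longer lists `https://${sandbox_domain}` as the previous line did; if this server block also serves the sandbox domain and the omission is intentional, a one-line comment saying the sandbox origin is not meant to frame the main domain would stop the next reader from adding it back. The surrounding `server { ... }` block starts and ends outside the hunk.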

@ -32,7 +32,7 @@ Default.commonCSP = function (Env) {
"media-src blob:", "media-src blob:",
// for accounts.cryptpad.fr authentication and cross-domain iframe sandbox // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
Env.enableEmbedding? `frame-ancestors 'self' ${Env.protocol}`: `frame-ancestors ${domain}${sandbox}`, Env.enableEmbedding? `frame-ancestors 'self' ${Env.protocol} vector:`: `frame-ancestors 'self' ${domain}`,
"worker-src 'self'", "worker-src 'self'",
"" ""
]; ];
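Review bot: The comment `// for accounts.cryptpad.fr authentication and cross-domain iframe sandbox` now sits directly above a directive whose embedding branch emits `frame-ancestors 'self' ${Env.protocol} vector:`, and it no longer describes what that branch permits (any origin on the server's own scheme plus the `vector:` scheme). I would replace it with `// embedding enabled: any page on our scheme (and Element Desktop via vector:) may frame us; otherwise only 'self' and the main domain`. The `'vector:'` literal is also repeated verbatim in the client-side CSP hunks at -990 and -1028 and in the nginx example; a short comment naming the consumer (`// vector: is the scheme used by the Element Desktop app`) next to each occurrence, or a single shared constant where the code permits, would keep them from drifting apart. `Default.commonCSP` starts and ends outside the hunk.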

@ -990,7 +990,7 @@ define([
'img-src': ["'self'", 'data:', 'blob:', $outer], 'img-src': ["'self'", 'data:', 'blob:', $outer],
'media-src': ['blob:'], 'media-src': ['blob:'],
'frame-ancestors': ApiConfig.enableEmbedding? ["'self'", window.location.protocol]: [$outer, $sandbox], 'frame-ancestors': ApiConfig.enableEmbedding? ["'self'", window.location.protocol, 'vector:']: ["'self'", $outer],
'worker-src': ["'self'"], 'worker-src': ["'self'"],
}); });
cb(result); cb(result);
@ -1028,7 +1028,7 @@ define([
], ],
'img-src': ["'self'", 'data:', 'blob:', $outer], 'img-src': ["'self'", 'data:', 'blob:', $outer],
'media-src': ['blob:'], 'media-src': ['blob:'],
'frame-ancestors': ApiConfig.enableEmbedding? ["'self'", window.location.protocol]: [$outer, $sandbox], 'frame-ancestors': ApiConfig.enableEmbedding? ["'self'", window.location.protocol, 'vector:']: ["'self'", $outer],
'worker-src': ["'self'"],//, $outer, $sandbox], 'worker-src': ["'self'"],//, $outer, $sandbox],
}); });
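Review bot: The same ternary `'frame-ancestors': ApiConfig.enableEmbedding? ["'self'", window.location.protocol, 'vector:']: ["'self'", $outer],` is now written out twice, at -990 and -1028, and the two copies have to be edited in lockstep whenever the policy changes. I would hoist it once into the enclosing scope, `var frameAncestors = ApiConfig.enableEmbedding ? ["'self'", window.location.protocol, 'vector:'] : ["'self'", $outer];`, and use `'frame-ancestors': frameAncestors,` in both objects. Note that `window.location.protocol` is used as a scheme source, so on a deployment served over plain `http:` the embedding branch presumably allows any HTTP page to frame the app, which may be worth stating in a comment on that line. The enclosing `define([` callback starts and ends outside both hunks.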
