|
|
|
@ -103,7 +103,7 @@ server {
|
|
|
|
|
# they unfortunately still require exceptions to the sandboxing to work correctly.
|
|
|
|
|
if ($uri = "/pad/inner.html") { set $unsafe 1; }
|
|
|
|
|
if ($uri = "/sheet/inner.html") { set $unsafe 1; }
|
|
|
|
|
if ($uri = "/common/onlyoffice/web-apps/apps/spreadsheeteditor/main/index.html") { set $unsafe 1; }
|
|
|
|
|
if ($uri ~ ^\/common\/onlyoffice\/.*\/index\.html.*$) { set $unsafe 1; }
|
|
|
|
|
|
|
|
|
|
# everything except the sandbox domain is a privileged scope, as they might be used to handle keys
|
|
|
|
|
if ($host != sandbox.cryptpad.info) { set $unsafe 0; }
|
|
|
|
|