From 6a62e28c60f215d593f757fb1f4132fa342d1608 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 14 Feb 2022 12:20:00 +0530 Subject: [PATCH] include option upgradeURL CSP in checkup page tests --- www/checkup/main.js | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/www/checkup/main.js b/www/checkup/main.js index f71f36bdf..822f510c9 100644 --- a/www/checkup/main.js +++ b/www/checkup/main.js @@ -15,13 +15,14 @@ define([ '/customize/pages.js', '/checkup/checkup-tools.js', '/common/outer/network-config.js', + '/customize/application_config.js', '/bower_components/tweetnacl/nacl-fast.min.js', 'css!/bower_components/components-font-awesome/css/font-awesome.min.css', 'less!/checkup/app-checkup.less', ], function ($, ApiConfig, Assertions, h, Messages, DomReady, nThen, SFCommonO, Login, Hash, Util, Pinpad, - NetConfig, Pages, Tools, NetConfig) { + NetConfig, Pages, Tools, NetConfig, AppConfig) { var Assert = Assertions(); var trimSlashes = function (s) { if (typeof(s) !== 'string') { return s; } @@ -81,6 +82,17 @@ define([ console.error(err); }; + var ACCOUNTS_URL; + try { + if (typeof(AppConfig.upgradeURL) === 'string') { + ACCOUNTS_URL = new URL(AppConfig.upgradeURL, trimmedUnsafe).origin; + } + } catch (err) { + console.error(err); + } + + + assert(function (cb, msg) { msg.appendChild(h('span', [ "CryptPad's sandbox requires that both ", @@ -970,6 +982,9 @@ define([ $sandbox, API_URL.origin, isHTTPS(fileHost)? fileHost: undefined, + // support for cryptpad.fr configuration + AppConfig.accounts_api, + ![trimmedUnsafe, trimmedSafe].includes(ACCOUNTS_URL)? ACCOUNTS_URL: undefined, ], 'img-src': ["'self'", 'data:', 'blob:', $outer],