tolerate trailing slashes in httpSafeDomain

pull/1/head
ansuz 5 years ago
parent 3b05d24f10
commit 9fa93172cf

@ -42,7 +42,8 @@ if (process.env.PACKAGE) {
throw new Error("No 'httpUnsafeOrigin' provided");
}
config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim().replace(/\/$/, '');
config.httpUnsafeOrigin = config.httpUnsafeOrigin.trim();
config.httpSafeOrigin = config.httpSafeOrigin.trim().replace(/\/$/, '');
// fall back to listening on a local address
// if httpAddress is not a string
@ -125,15 +126,12 @@ var setHeaders = (function () {
if (Object.keys(headers).length) {
return function (req, res) {
const h = [
/^\/+pad\/inner\.html.*/,
/^\/pad\/inner\.html.*/,
/^\/common\/onlyoffice\/.*\/index\.html.*/,
/^\/+(sheet|ooslide|oodoc)\/in.*\.html.*/,
/^\/(sheet|ooslide|oodoc)\/inner\.html.*/,
].some((regex) => {
if (regex.test('' + req.url)) {
console.log('CSP MATCH: [%s] <= [%s]', regex, req.url);
return true;
}
}) ? padHeaders: headers;
return regex.test(req.url);
}) ? padHeaders : headers;
for (let header in h) { res.setHeader(header, h[header]); }
};
}

@ -31,10 +31,6 @@ define([
ApiConfig.httpSafeOrigin + window.location.pathname + 'inner.html?' +
requireConfig.urlArgs + '#' + encodeURIComponent(JSON.stringify(req)));
console.log(ApiConfig.httpSafeOrigin);
console.error(document.getElementById('sbox-iframe').getAttribute('src'));
// This is a cheap trick to avoid loading sframe-channel in parallel with the
// loading screen setup.
var done = waitFor();

Loading…
Cancel
Save