send httpUnsafeOrigin via /api/config

7 years ago · acd5574008
parent 044384a576
commit acd5574008
2 changed files with 3 additions and 0 deletions
--- a/config.example.js
+++ b/config.example.js
@ -91,6 +91,8 @@ module.exports = {
    // cross-domain iframe. It can simply host the same content as CryptPad.
    // httpSafeOrigin: "https://some-other-domain.xyz",

+    httpUnsafeOrigin: domain,
+
    /*  your server's websocket url is configurable
     *  (default: '/cryptpad_websocket')
     *
--- a/server.js
+++ b/server.js
@ -150,6 +150,7 @@ app.get('/api/config', function(req, res){
            websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
            websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
                websocketPort + '/cryptpad_websocket',
+            httpUnsafeOrigin: config.httpUnsafeOrigin,
        }, null, '\t'),
        'obj.httpSafeOrigin = ' + (function () {
            if (config.httpSafeOrigin) { return config.httpSafeOrigin; }