|
|
@ -38,7 +38,8 @@ var setHeaders = (function () {
|
|
|
|
if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
|
|
|
|
if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
|
|
|
|
// backward compat for those who do not merge the new version of the config
|
|
|
|
// backward compat for those who do not merge the new version of the config
|
|
|
|
// when updating. This prevents endless spinner if someone clicks donate.
|
|
|
|
// when updating. This prevents endless spinner if someone clicks donate.
|
|
|
|
headers['Content-Security-Policy'] += "frame-ancestors 'self' accounts.cryptpad.fr;";
|
|
|
|
// It also fixes the cross-domain iframe.
|
|
|
|
|
|
|
|
headers['Content-Security-Policy'] += "frame-ancestors *;";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
const padHeaders = clone(headers);
|
|
|
|
const padHeaders = clone(headers);
|
|
|
@ -47,7 +48,7 @@ var setHeaders = (function () {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (Object.keys(headers).length) {
|
|
|
|
if (Object.keys(headers).length) {
|
|
|
|
return function (req, res) {
|
|
|
|
return function (req, res) {
|
|
|
|
const h = /^\/pad\/inner\.html.*/.test(req.url) ? padHeaders : headers;
|
|
|
|
const h = /^\/pad(2)?\/inner\.html.*/.test(req.url) ? padHeaders : headers;
|
|
|
|
for (let header in h) { res.setHeader(header, h[header]); }
|
|
|
|
for (let header in h) { res.setHeader(header, h[header]); }
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -124,18 +125,29 @@ if (config.privKeyAndCertFiles) {
|
|
|
|
app.get('/api/config', function(req, res){
|
|
|
|
app.get('/api/config', function(req, res){
|
|
|
|
var host = req.headers.host.replace(/\:[0-9]+/, '');
|
|
|
|
var host = req.headers.host.replace(/\:[0-9]+/, '');
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
res.setHeader('Content-Type', 'text/javascript');
|
|
|
|
res.send('define(' + JSON.stringify({
|
|
|
|
res.send('define(function(){\n' + [
|
|
|
|
requireConf: {
|
|
|
|
'var obj = ' + JSON.stringify({
|
|
|
|
waitSeconds: 60,
|
|
|
|
requireConf: {
|
|
|
|
urlArgs: 'ver=' + Package.version + (DEV_MODE? '-' + (+new Date()): ''),
|
|
|
|
waitSeconds: 60,
|
|
|
|
},
|
|
|
|
urlArgs: 'ver=' + Package.version + (DEV_MODE? '-' + (+new Date()): ''),
|
|
|
|
removeDonateButton: (config.removeDonateButton === true),
|
|
|
|
},
|
|
|
|
allowSubscriptions: (config.allowSubscriptions === true),
|
|
|
|
removeDonateButton: (config.removeDonateButton === true),
|
|
|
|
|
|
|
|
allowSubscriptions: (config.allowSubscriptions === true),
|
|
|
|
websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
|
|
|
|
websocketPath: config.useExternalWebsocket ? undefined : config.websocketPath,
|
|
|
|
websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
|
|
|
|
websocketURL:'ws' + ((useSecureWebsockets) ? 's' : '') + '://' + host + ':' +
|
|
|
|
websocketPort + '/cryptpad_websocket',
|
|
|
|
websocketPort + '/cryptpad_websocket',
|
|
|
|
}) + ');');
|
|
|
|
}, null, '\t'),
|
|
|
|
|
|
|
|
'obj.httpSafeOrigin = ' + (function () {
|
|
|
|
|
|
|
|
if (config.httpSafeOrigin) { return config.httpSafeOrigin; }
|
|
|
|
|
|
|
|
if (config.httpSafePort) {
|
|
|
|
|
|
|
|
return "(function () { return window.location.origin.replace(/\:[0-9]+$/, ':" +
|
|
|
|
|
|
|
|
config.httpSafePort + "'); }())";
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return 'window.location.origin';
|
|
|
|
|
|
|
|
}()),
|
|
|
|
|
|
|
|
'return obj',
|
|
|
|
|
|
|
|
'});'
|
|
|
|
|
|
|
|
].join(';\n'));
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
var httpServer = httpsOpts ? Https.createServer(httpsOpts, app) : Http.createServer(app);
|
|
|
|
var httpServer = httpsOpts ? Https.createServer(httpsOpts, app) : Http.createServer(app);
|
|
|
@ -149,7 +161,9 @@ httpServer.listen(config.httpPort,config.httpAddress,function(){
|
|
|
|
|
|
|
|
|
|
|
|
console.log('\n[%s] server available http://%s%s', new Date().toISOString(), hostName, ps);
|
|
|
|
console.log('\n[%s] server available http://%s%s', new Date().toISOString(), hostName, ps);
|
|
|
|
});
|
|
|
|
});
|
|
|
|
Http.createServer(app).listen(config.httpPort+1, config.httpAddress);
|
|
|
|
if (config.httpSafePort) {
|
|
|
|
|
|
|
|
Http.createServer(app).listen(config.httpSafePort, config.httpAddress);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var wsConfig = { server: httpServer };
|
|
|
|
var wsConfig = { server: httpServer };
|
|
|
|
|
|
|
|
|
|
|
|