Merge branch 'fix-printing' into staging
commit
d95b0954f9
|
@ -57,9 +57,12 @@ server {
|
|||
add_header Access-Control-Allow-Origin "*";
|
||||
# add_header X-Frame-Options "SAMEORIGIN";
|
||||
|
||||
set $coop '';
|
||||
if ($uri ~ ^\/sheet\/.*$) { set $coop 'same-origin'; }
|
||||
|
||||
# Enable SharedArrayBuffer in Firefox (for .xlsx export)
|
||||
add_header Cross-Origin-Resource-Policy cross-origin;
|
||||
add_header Cross-Origin-Opener-Policy same-origin;
|
||||
add_header Cross-Origin-Opener-Policy $coop;
|
||||
add_header Cross-Origin-Embedder-Policy require-corp;
|
||||
|
||||
# Insert the path to your CryptPad repository root here
|
||||
|
|
|
@ -48,9 +48,6 @@ Default.httpHeaders = function () {
|
|||
"X-XSS-Protection": "1; mode=block",
|
||||
"X-Content-Type-Options": "nosniff",
|
||||
"Access-Control-Allow-Origin": "*",
|
||||
"Cross-Origin-Resource-Policy": 'cross-origin',
|
||||
"Cross-Origin-Opener-Policy": 'same-origin',
|
||||
"Cross-Origin-Embedder-Policy": 'require-corp',
|
||||
};
|
||||
};
|
||||
|
||||
|
|
16
server.js
16
server.js
|
@ -60,6 +60,10 @@ var app = Express();
|
|||
}
|
||||
}());
|
||||
|
||||
var applyHeaderMap = function (res, map) {
|
||||
for (let header in map) { res.setHeader(header, map[header]); }
|
||||
};
|
||||
|
||||
var setHeaders = (function () {
|
||||
// load the default http headers unless the admin has provided their own via the config file
|
||||
var headers;
|
||||
|
@ -96,14 +100,21 @@ var setHeaders = (function () {
|
|||
}
|
||||
if (Object.keys(headers).length) {
|
||||
return function (req, res) {
|
||||
// apply a bunch of cross-origin headers for XLSX export in FF and printing elsewhere
|
||||
applyHeaderMap(res, {
|
||||
"Cross-Origin-Resource-Policy": 'cross-origin',
|
||||
"Cross-Origin-Opener-Policy": /^\/sheet\//.test(req.url)? 'same-origin': '',
|
||||
"Cross-Origin-Embedder-Policy": 'require-corp',
|
||||
});
|
||||
|
||||
// targeted CSP, generic policies, maybe custom headers
|
||||
const h = [
|
||||
///^\/pad\/inner\.html.*/,
|
||||
/^\/common\/onlyoffice\/.*\/index\.html.*/,
|
||||
/^\/(sheet|ooslide|oodoc)\/inner\.html.*/,
|
||||
].some((regex) => {
|
||||
return regex.test(req.url);
|
||||
}) ? padHeaders : headers;
|
||||
for (let header in h) { res.setHeader(header, h[header]); }
|
||||
applyHeaderMap(res, h);
|
||||
};
|
||||
}
|
||||
return function () {};
|
||||
|
@ -139,6 +150,7 @@ app.use(function (req, res, next) {
|
|||
|
||||
setHeaders(req, res);
|
||||
if (/[\?\&]ver=[^\/]+$/.test(req.url)) { res.setHeader("Cache-Control", "max-age=31536000"); }
|
||||
else { res.setHeader("Cache-Control", "no-cache"); }
|
||||
next();
|
||||
});
|
||||
|
||||
|
|
Loading…
Reference in New Issue