From 8ac0741511d8b53739198852dc442051dff079da Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 10 Apr 2017 18:07:32 +0200 Subject: [PATCH 1/3] move docker section down --- readme.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/readme.md b/readme.md index 194b58676..b3c8a1a61 100644 --- a/readme.md +++ b/readme.md @@ -73,8 +73,6 @@ npm update; To reset your instance of Cryptpad and remove all the data that is being stored: - - ``` # change into your cryptpad directory cd /your/cryptpad/instance/location; @@ -104,10 +102,6 @@ You can do so by launching your server in _dev mode_, like so: `DEV=1 node server.js` -# Setup using Docker - -See [Cryptpad-Docker](cryptpad-docker.md) - ## Security CryptPad is *private*, not *anonymous*. Privacy protects your data, anonymity protects you. @@ -127,6 +121,10 @@ the battery out of your computer before it spawns Agent Smith. Still there are other low-lives in the world so using CryptPad over HTTPS is probably a good idea. +## Setup using Docker + +See [Cryptpad-Docker](cryptpad-docker.md) + ## Translations We'd like to make it easy for more people to use encryption in their routine activities. From 2a7793acd87bc6b2da8ccbd04a27a70bac20ec60 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 10 Apr 2017 18:08:01 +0200 Subject: [PATCH 2/3] set a more permissive CSP policy by default. add a note about it --- config.js.dist | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/config.js.dist b/config.js.dist index caa48eed1..6ef7267c1 100644 --- a/config.js.dist +++ b/config.js.dist @@ -32,9 +32,14 @@ module.exports = { * it is recommended that you configure these fields to match the * domain which will serve your cryptpad instance. */ - "connect-src 'self' ws://*", "child-src 'self' *", + /* this allows connections over secure or insecure websockets + if you are deploying to production, you'll probably want to remove + the ws://* directive, and change '*' to your domain + */ + "connect-src 'self' ws://* wss://*", + // data: is used by codemirror "img-src 'self' data:", ].join('; '), @@ -51,7 +56,9 @@ module.exports = { * configured for best effect. */ "child-src 'self' *", - "connect-src 'self' ws://*", + + // see the comment above in the 'contentSecurity' section + "connect-src 'self' ws://* wss://*", // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads "img-src *", From cde9ea98871db43eed9ac179d06d86dfec111163 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 10 Apr 2017 18:09:22 +0200 Subject: [PATCH 3/3] update footer version --- customize.dist/about.html | 2 +- customize.dist/contact.html | 2 +- customize.dist/index.html | 2 +- customize.dist/privacy.html | 2 +- customize.dist/src/fragments/footer.html | 2 +- customize.dist/terms.html | 2 +- www/settings/index.html | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/customize.dist/about.html b/customize.dist/about.html index 8cab87663..f3e87dd25 100644 --- a/customize.dist/about.html +++ b/customize.dist/about.html @@ -115,7 +115,7 @@ - + diff --git a/customize.dist/contact.html b/customize.dist/contact.html index e4ec47098..fc98c6eba 100644 --- a/customize.dist/contact.html +++ b/customize.dist/contact.html @@ -112,7 +112,7 @@ - + diff --git a/customize.dist/index.html b/customize.dist/index.html index 7e72475da..02a10078d 100644 --- a/customize.dist/index.html +++ b/customize.dist/index.html @@ -234,7 +234,7 @@ - + diff --git a/customize.dist/privacy.html b/customize.dist/privacy.html index ded6929e8..dd1a7a686 100644 --- a/customize.dist/privacy.html +++ b/customize.dist/privacy.html @@ -133,7 +133,7 @@ - + diff --git a/customize.dist/src/fragments/footer.html b/customize.dist/src/fragments/footer.html index 74deda6d9..0882cecbd 100644 --- a/customize.dist/src/fragments/footer.html +++ b/customize.dist/src/fragments/footer.html @@ -39,5 +39,5 @@ - + diff --git a/customize.dist/terms.html b/customize.dist/terms.html index 2a7da226f..28f0b62ac 100644 --- a/customize.dist/terms.html +++ b/customize.dist/terms.html @@ -116,7 +116,7 @@ - + diff --git a/www/settings/index.html b/www/settings/index.html index 1b5ac3a3a..795ab825a 100644 --- a/www/settings/index.html +++ b/www/settings/index.html @@ -106,7 +106,7 @@ - +