sa6anw/hedgedoc-hedgeagent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change CSP config format to be more intuitive

Browse Source
This commit is contained in:
Literallie
2017-10-20 12:31:16 +02:00
parent 5b83deb043
commit 91101c856c
5 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
lib/config/default.js
View File

@@ -15,17 +15,9 @@ module.exports = {
},
csp: {
enable: true,
reportUri: '',
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "'unsafe-eval'", "vimeo.com", "https://gist.github.com", "www.slideshare.net", "https://query.yahooapis.com", "https://*.disqus.com"],
imgSrc: ["*"],
styleSrc: ["'self'", "'unsafe-inline'", "https://assets-cdn.github.com"],
fontSrc: ["'self'", "https://public.slidesharecdn.com"],
objectSrc: ["*"],
childSrc: ["*"],
connectSrc: ["'self'", "https://links.services.disqus.com", "wss://realtime.services.disqus.com"]
},
addDefaults: true,
upgradeInsecureRequests: 'auto'
},
protocolusessl: false,

3
lib/config/environment.js
View File

@@ -14,6 +14,9 @@ module.exports = {
includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
},
csp: {
enable: toBooleanConfig(process.env.HMD_CSP_ENABLE)
},
protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
alloworigin: process.env.HMD_ALLOW_ORIGIN ? process.env.HMD_ALLOW_ORIGIN.split(',') : undefined,
usecdn: toBooleanConfig(process.env.HMD_USECDN),