fix incorrect frame-ancestors and update test

ansuz 2022-04-01 13:15:06 +05:30
parent afd8f70c00
commit b4323b2c40
3 changed files with 5 additions and 3 deletions


@ -32,7 +32,7 @@ Default.commonCSP = function (Env) {
"media-src blob:",
// for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
Env.enableEmbedding? "frame-ancestors *": `frame-ancestors ${domain}${sandbox}`,
Env.enableEmbedding? `frame-ancestors 'self' ${Env.protocol}`: `frame-ancestors ${domain}${sandbox}`,
"worker-src 'self'",
""
];
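Review bot: With `Env.enableEmbedding` set, the new value `frame-ancestors 'self' ${Env.protocol}` is a scheme-source, so every origin served over that scheme may still frame the instance, and the existing comment above the line only explains the non-embedding branch. I would add a comment such as `// embedding enabled: any origin on the instance's scheme may frame these pages, so this header is not a clickjacking defence in this mode` so operators do not read `'self'` as a restriction. The template also interpolates `Env.protocol` unchecked; only one construction site for `Env` is visible in this commit, and if another caller builds it without that field the header would carry the literal `undefined`, so a guard or fallback seems worthwhile. The client-side expectation in the two `'frame-ancestors'` lines of the third file uses `window.location.protocol` rather than the configured origin's scheme, which presumably agrees with the server only when the page is loaded over the same scheme as `httpUnsafeOrigin`. The body of `commonCSP` starts and ends outside this hunk.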


@ -68,6 +68,8 @@ module.exports.create = function (config) {
}
const Env = {
protocol: new URL(httpUnsafeOrigin).protocol,
fileHost: config.fileHost, // XXX
NO_SANDBOX: NO_SANDBOX,
httpSafePort: httpSafePort,
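Review bot: `new URL(httpUnsafeOrigin).protocol` throws a TypeError when `httpUnsafeOrigin` is missing or not an absolute URL, and here it is evaluated inside the `Env` object literal with nothing visible to catch it. Whether the value is validated earlier in `create` cannot be seen from this hunk; if it is not, a misconfigured origin surfaces as an opaque startup crash rather than a clear configuration error. Since this scheme now feeds the `frame-ancestors` header, I would parse it once before the literal and reject anything unexpected with an explicit message, e.g. `if (!/^https?:$/.test(protocol)) { throw new Error('httpUnsafeOrigin must be an http(s) URL'); }`. The `create` function continues outside the hunk.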


@ -990,7 +990,7 @@ define([
'img-src': ["'self'", 'data:', 'blob:', $outer],
'media-src': ['blob:'],
'frame-ancestors': ApiConfig.enableEmbedding? ['*']: [$outer, $sandbox],
'frame-ancestors': ApiConfig.enableEmbedding? ["'self'", window.location.protocol]: [$outer, $sandbox],
'worker-src': ["'self'"],
});
cb(result);
@ -1028,7 +1028,7 @@ define([
],
'img-src': ["'self'", 'data:', 'blob:', $outer],
'media-src': ['blob:'],
'frame-ancestors': ApiConfig.enableEmbedding? ['*']: [$outer, $sandbox],
'frame-ancestors': ApiConfig.enableEmbedding? ["'self'", window.location.protocol]: [$outer, $sandbox],
'worker-src': ["'self'"],//, $outer, $sandbox],
});