// Shorthand for this module's export object: every default below is attached
// to it as a function, so consumers call e.g. require(...).commonCSP(domain).
var Default = module.exports;
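/* Build the Content-Security-Policy directives shared by every page.
 *
 * @param {string} [domain] - extra host source (the origin serving this
 *   CryptPad instance) appended to the directives that accept one. A missing
 *   value adds no host source.
 * @returns {string[]} directive strings. The trailing empty string is
 *   deliberate: callers join with '; ' and append their own script-src, and
 *   the empty element supplies the separator before it.
 */
Default.commonCSP = function (domain) {
    // Guard nullish input so an unset domain does not end up in the policy as
    // a literal host source named "undefined".
    domain = (domain == null) ? '' : ' ' + domain;
    // Content-Security-Policy
    return [
        "default-src 'none'",
        // 'unsafe-inline' styles are permitted; style injection is a far
        // weaker primitive than inline script, but it is a conscious loosening.
        "style-src 'unsafe-inline' 'self' " + domain,
        "font-src 'self' data:" + domain,
        /* child-src is used to restrict iframes to a set of allowed domains.
         * connect-src is used to restrict what domains can connect to the websocket.
         *
         * it is recommended that you configure these fields to match the
         * domain which will serve your CryptPad instance.
         * As shipped, '*' lets pages embed frames from any origin.
         */
        "child-src blob: *",
        // IE/Edge
        "frame-src blob: *",
        /* this allows connections over secure or insecure websockets
         if you are deploying to production, you'll probably want to remove
         the ws://* directive, and change '*' to your domain
         */
        "connect-src 'self' ws: wss: blob:" + domain,
        // data: is used by codemirror
        "img-src 'self' data: blob:" + domain,
        // '*' allows audio/video from any origin; tighten alongside the above.
        "media-src * blob:",
        // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
        // NOTE(review): '*' lets ANY site frame this instance, so the pages
        // covered by this policy get no clickjacking / UI-redress protection.
        // Once the instance domain and sandbox origin are known, list them
        // here instead of '*'.
        "frame-ancestors *",
        ""
    ];
};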
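/* Content-Security-Policy header value for the main (non-pad) pages.
 *
 * Scripts may come only from 'self', the resource: scheme and the configured
 * domain; there is no 'unsafe-inline' or 'unsafe-eval', so inline <script>
 * and eval() are blocked on these pages.
 *
 * @param {string} [domain] - host source for the instance; see commonCSP.
 *   A nullish value adds no host to script-src.
 * @returns {string} the joined policy with runs of whitespace collapsed.
 */
Default.contentSecurity = function (domain) {
    var directives = Default.commonCSP(domain).join('; ');
    // commonCSP ends with an empty directive, so `directives` already ends
    // in "; " and script-src can be appended without another separator.
    var scriptSrc = "script-src 'self' resource: " + (domain == null ? '' : domain);
    return (directives + scriptSrc).replace(/\s+/g, ' ');
};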
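/* Content-Security-Policy header value for pad (editor) pages.
 *
 * Unlike contentSecurity, script-src also carries 'unsafe-eval' and
 * 'unsafe-inline', which effectively removes CSP's protection against
 * injected script on these pages. NOTE(review): presumably tolerated because
 * pads are served from a separate sandbox origin (the frame-ancestors comment
 * in commonSP mentions a cross-domain iframe sandbox) — confirm before
 * relying on it.
 *
 * @param {string} [domain] - host source for the instance; see commonCSP.
 *   A nullish value adds no host to script-src.
 * @returns {string} the joined policy with runs of whitespace collapsed.
 */
Default.padContentSecurity = function (domain) {
    var directives = Default.commonCSP(domain).join('; ');
    // `directives` already ends in "; " thanks to commonCSP's trailing "".
    var scriptSrc = "script-src 'self' 'unsafe-eval' 'unsafe-inline' resource: " + (domain == null ? '' : domain);
    return (directives + scriptSrc).replace(/\s+/g, ' ');
};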
/* Extra HTTP response headers to send with every response.
 *
 * @returns {Object} header name -> value map; a fresh object on each call, so
 *   callers may add to it without affecting later calls.
 */
Default.httpHeaders = function () {
    var headers = {};
    // Legacy reflective-XSS filter switch; most current browsers no longer
    // honour it, the Content-Security-Policy is the real control.
    headers["X-XSS-Protection"] = "1; mode=block";
    // Forbid MIME sniffing: responses are handled only as their declared type.
    headers["X-Content-Type-Options"] = "nosniff";
    // Any origin may read responses cross-origin. Fine for public assets;
    // note that '*' is never honoured together with credentials, so this must
    // not be relied upon for authenticated endpoints.
    headers["Access-Control-Allow-Origin"] = "*";
    return headers;
};
/* Names of the static top-level pages of the site.
 *
 * @returns {string[]} page names, in the original order (presumably each
 *   corresponds to a <name>.html served from the root — see the caller).
 */
Default.mainPages = function () {
    var names = 'index privacy terms about contact what-is-cryptpad features faq maintenance';
    return names.split(' ');
};
  57. /* By default the CryptPad server will run scheduled tasks every five minutes
  58. * If you want to run scheduled tasks in a separate process (like a crontab)
  59. * you can disable this behaviour by setting the following value to true
  60. */
  61. //disableIntegratedTasks: false,
  62. /* CryptPad's file storage adaptor closes unused files after a configurable
 * number of milliseconds (default 30000, i.e. 30 seconds)
  64. */
  65. // channelExpirationMs: 30000,
  66. /* CryptPad's file storage adaptor is limited by the number of open files.
  67. * When the adaptor reaches openFileLimit, it will clean up older files
  68. */
  69. //openFileLimit: 2048,