3 changed files with 71 additions and 52 deletions
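--- /dev/null
+++ b/<path not shown on page>
@@ -0,0 +1,65 @@
+var Default = module.exports;
+
+Default.commonCSP = function (domain) {
+// Content-Security-Policy
+return [
+"default-src 'none'",
+"style-src 'unsafe-inline' 'self' " + domain,
+"font-src 'self' data:" + domain,
+
+/* child-src is used to restrict iframes to a set of allowed domains.
+* connect-src is used to restrict what domains can connect to the websocket.
+*
+* it is recommended that you configure these fields to match the
+* domain which will serve your CryptPad instance.
+*/
+"child-src blob: *",
+// IE/Edge
+"frame-src blob: *",
+
+/* this allows connections over secure or insecure websockets
+if you are deploying to production, you'll probably want to remove
+the ws://* directive, and change '*' to your domain
+*/
+"connect-src 'self' ws: wss: blob:" + domain,
+
+// data: is used by codemirror
+"img-src 'self' data: blob:" + domain,
+"media-src * blob:",
+
+// for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
+"frame-ancestors *",
+""
+];
+};
+
+Default.contentSecurity = function (domain) {
+return Default.commonCSP(domain).join('; ') + "script-src 'self'" + domain;
+};
+
+Default.padContentSecurity = function (domain) {
+return Default.commonCSP(domain).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain;
+};
+
+Default.httpHeaders = function () {
+return {
+"X-XSS-Protection": "1; mode=block",
+"X-Content-Type-Options": "nosniff",
+"Access-Control-Allow-Origin": "*"
+};
+};
+
+Default.mainPages = function () {
+return [
+'index',
+'privacy',
+'terms',
+'about',
+'contact',
+'what-is-cryptpad',
+'features',
+'faq',
+'maintenance'
+];
+};
+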
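Review bot: The directive strings that append `domain` are inconsistent about the separating space: `"style-src 'unsafe-inline' 'self' " + domain` carries a trailing space, while `"font-src 'self' data:" + domain`, `"connect-src 'self' ws: wss: blob:" + domain`, `"img-src 'self' data: blob:" + domain` and the two `script-src 'self'…" + domain` lines in contentSecurity and padContentSecurity do not. Unless every caller passes `domain` with a leading space (nothing in this file shows how it is called), those directives fuse the last keyword with the host, e.g. `data:https://…`, which is not a valid CSP source expression and is ignored by the browser, so the intended host allowance is silently lost while the policy still looks complete in the header. Either add the space in each string, e.g. `"font-src 'self' data: " + domain,`, or build every directive through one small helper that joins its sources with a space so the separator cannot be forgotten. A one-line comment on padContentSecurity stating why pads need `'unsafe-eval' 'unsafe-inline'` in script-src would also let the next maintainer judge whether that relaxation can be narrowed, since the file documents the other permissive directives but not this one.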