|
|
|
@ -103,7 +103,7 @@ server { |
|
|
|
# they unfortunately still require exceptions to the sandboxing to work correctly. |
|
|
|
if ($uri = "/pad/inner.html") { set $unsafe 1; } |
|
|
|
if ($uri = "/sheet/inner.html") { set $unsafe 1; } |
|
|
|
if ($uri = "/common/onlyoffice/web-apps/apps/spreadsheeteditor/main/index.html") { set $unsafe 1; } |
|
|
|
if ($uri ~ ^\/common\/onlyoffice\/.*\/index\.html.*$) { set $unsafe 1; } |
|
|
|
|
|
|
|
# everything except the sandbox domain is a privileged scope, as they might be used to handle keys |
|
|
|
if ($host != sandbox.cryptpad.info) { set $unsafe 0; } |
|
|
|
|