bump to cryptpad 5.7.0 (#62)
Reviewed-on: #62 Reviewed-by: muppeth <muppeth@no-reply@disroot.org> Co-authored-by: meaz <meaz@disroot.org> Co-committed-by: meaz <meaz@disroot.org>
parent
002e1183fc
commit
5646a553fc
|
@ -5,6 +5,10 @@
|
|||
{% extends "core.j2" %}
|
||||
|
||||
{% block app_specific %}
|
||||
|
||||
# Include mime.types to be able to support .mjs files (see "types" below)
|
||||
include mime.types;
|
||||
|
||||
# CryptPad serves static assets over these two domains.
|
||||
# `main_domain` is what users will enter in their address bar.
|
||||
# Privileged computation such as key management is handled in this scope
|
||||
|
@ -113,11 +117,6 @@
|
|||
# We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
|
||||
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
|
||||
|
||||
# draw.io uses inline script tags in it's index.html. The hashes are added here.
|
||||
if ($uri ~ ^\/components\/drawio\/src\/main\/webapp\/index.html.*$) {
|
||||
set $scriptSrc "'self' 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: https://${main_domain}";
|
||||
}
|
||||
|
||||
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
|
||||
if ($unsafe) {
|
||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
||||
|
@ -126,6 +125,11 @@
|
|||
# Finally, set all the rules you composed above.
|
||||
add_header Content-Security-Policy "default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
|
||||
|
||||
# Add support for .mjs files used by pdfjs
|
||||
types {
|
||||
application/javascript mjs;
|
||||
}
|
||||
|
||||
{% endblock %}
|
||||
|
||||
{% block root %}
|
||||
|
|
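Review bot: The `include mime.types;` added in the first hunk and the `types { application/javascript mjs; }` block added in the last hunk depend on each other, but the comment on the include only says it is there "to be able to support .mjs files" and never says why it is needed. A `types` block declared at this level (presumably the `server` context, since `core.j2` is outside this page) replaces the MIME map inherited from `http` rather than extending it, so without the include every other static asset would fall back to `default_type`; if this vhost also sends `X-Content-Type-Options: nosniff` (not visible in these hunks), browsers would then refuse the mistyped scripts and stylesheets. I would reword the comment to `# A types{} block here replaces the MIME map inherited from http{}; re-include mime.types so only the .mjs mapping below is added.` It is also worth confirming with `nginx -t` that the relative `mime.types` path resolves on the target hosts and that the packaged file does not already map `mjs`, which would log a duplicate-extension warning.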