bump to cryptpad 5.7.0 (#62)
Reviewed-on: #62 Reviewed-by: muppeth <muppeth@no-reply@disroot.org> Co-authored-by: meaz <meaz@disroot.org> Co-committed-by: meaz <meaz@disroot.org>
This commit is contained in:
parent
002e1183fc
commit
5646a553fc
|
@ -5,6 +5,10 @@
|
||||||
{% extends "core.j2" %}
|
{% extends "core.j2" %}
|
||||||
|
|
||||||
{% block app_specific %}
|
{% block app_specific %}
|
||||||
|
|
||||||
|
# Include mime.types to be able to support .mjs files (see "types" below)
|
||||||
|
include mime.types;
|
||||||
|
|
||||||
# CryptPad serves static assets over these two domains.
|
# CryptPad serves static assets over these two domains.
|
||||||
# `main_domain` is what users will enter in their address bar.
|
# `main_domain` is what users will enter in their address bar.
|
||||||
# Privileged computation such as key management is handled in this scope
|
# Privileged computation such as key management is handled in this scope
|
||||||
|
@ -113,11 +117,6 @@
|
||||||
# We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
|
# We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
|
||||||
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
|
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
|
||||||
|
|
||||||
# draw.io uses inline script tags in it's index.html. The hashes are added here.
|
|
||||||
if ($uri ~ ^\/components\/drawio\/src\/main\/webapp\/index.html.*$) {
|
|
||||||
set $scriptSrc "'self' 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: https://${main_domain}";
|
|
||||||
}
|
|
||||||
|
|
||||||
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
|
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
|
||||||
if ($unsafe) {
|
if ($unsafe) {
|
||||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
||||||
|
@ -126,6 +125,11 @@
|
||||||
# Finally, set all the rules you composed above.
|
# Finally, set all the rules you composed above.
|
||||||
add_header Content-Security-Policy "default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
|
add_header Content-Security-Policy "default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
|
||||||
|
|
||||||
|
# Add support for .mjs files used by pdfjs
|
||||||
|
types {
|
||||||
|
application/javascript mjs;
|
||||||
|
}
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block root %}
|
{% block root %}
|
||||||
|
|
Loading…
Reference in New Issue