mirror of https://github.com/xwiki-labs/cryptpad
Update draw.io dependency and remove unneeded CSP headers
parent
2611785a50
commit
7f55498bcc
|
@ -163,8 +163,8 @@ server {
|
|||
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
|
||||
|
||||
# draw.io uses inline script tags in it's index.html. The hashes are added here.
|
||||
if ($uri ~ ^\/components\/drawio-cp\/src\/main\/webapp\/index.html.*$) {
|
||||
set $scriptSrc "'self' 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: https://${main_domain}";
|
||||
if ($uri ~ ^\/components\/drawio\/src\/main\/webapp\/index.html.*$) {
|
||||
set $scriptSrc "'self' resource: https://${main_domain}";
|
||||
}
|
||||
|
||||
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
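Review bot: The context comment above the changed `if` still reads "The hashes are added here", but the new `set $scriptSrc` line carries no hashes, so the comment now misdescribes the policy. Either update it, e.g. `# draw.io's index.html no longer needs inline-script hashes; it gets the plain 'self' policy.`, or, if this value equals the default `$scriptSrc` set earlier in the file (not visible in this hunk), drop the `if` block entirely, as the Node side of this commit drops its `diagram` case. The `.` in `index.html` is also unescaped in the location regex, unlike the `inner\.html` pattern a few lines up; `index\.html` would match only the intended file name. The `server` block starts and continues outside the hunk.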
|
||||
|
|
|
@ -48,10 +48,6 @@ Default.padContentSecurity = function (Env) {
|
|||
return (Default.commonCSP(Env).join('; ') + "script-src 'self' 'unsafe-eval' 'unsafe-inline' resource: " + Env.httpUnsafeOrigin).replace(/\s+/g, ' ');
|
||||
};
|
||||
|
||||
Default.diagramContentSecurity = function (Env) {
|
||||
return (Default.commonCSP(Env).join('; ') + "script-src 'self' 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' resource: " + Env.httpUnsafeOrigin).replace(/\s+/g, ' ');
|
||||
};
|
||||
|
||||
Default.httpHeaders = function (Env) {
|
||||
return {
|
||||
"X-XSS-Protection": "1; mode=block",
|
||||
|
|
|
@ -123,8 +123,6 @@ var getHeaders = function (Env, type) {
|
|||
var csp;
|
||||
if (type === 'office') {
|
||||
csp = Default.padContentSecurity(Env);
|
||||
} else if (type === 'diagram') {
|
||||
csp = Default.diagramContentSecurity(Env);
|
||||
} else {
|
||||
csp = Default.contentSecurity(Env);
|
||||
}
|
||||
|
@ -147,8 +145,6 @@ var setHeaders = function (req, res) {
|
|||
type = 'office';
|
||||
} else if (/^\/api\/(broadcast|config)/.test(req.url)) {
|
||||
type = 'api';
|
||||
} else if (/^\/components\/drawio-cp\/src\/main\/webapp\/index.html.*$/.test(req.url)) {
|
||||
type = 'diagram';
|
||||
} else {
|
||||
type = 'standard';
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@
|
|||
"components-font-awesome": "^4.6.3",
|
||||
"croppie": "^2.5.0",
|
||||
"dragula": "3.7.2",
|
||||
"drawio-cp": "github:cryptpad/drawio-npm#npm-21.8.2",
|
||||
"drawio": "github:cryptpad/drawio-npm#npm-21.8.2",
|
||||
"express": "~4.18.2",
|
||||
"file-saver": "1.3.1",
|
||||
"fs-extra": "^7.0.0",
|
||||
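Review bot: The new `drawio` entry is pinned to a tag (`github:cryptpad/drawio-npm#npm-21.8.2`), and that ref is the same string the removed `drawio-cp` entry used, so nothing visible here fixes which tree actually gets installed. Git tags can be moved, and this commit also drops the inline-script hashes from the CSP, presumably because the updated index.html no longer contains inline scripts. Pinning to a full commit hash, `"drawio": "github:cryptpad/drawio-npm#<full-commit-sha>"`, would tie the policy change to one specific tree; a lockfile may already do this, but none is visible on this page. The same entry appears in the second manifest hunk further down.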
|
|
|
@ -59,7 +59,7 @@
|
|||
"requirejs-plugins": "^1.0.2",
|
||||
"scrypt-async": "1.2.0",
|
||||
"sortablejs": "^1.6.0",
|
||||
"drawio-cp": "github:cryptpad/drawio-npm#npm-21.8.2",
|
||||
"drawio": "github:cryptpad/drawio-npm#npm-21.8.2",
|
||||
"pako": "^2.1.0",
|
||||
"x2js": "^3.4.4"
|
||||
},
|
||||
|
|
|
@ -40,7 +40,7 @@ Fse.rmSync(oldComponentsPath, { recursive: true, force: true });
|
|||
"saferphore",
|
||||
"nthen",
|
||||
"netflux-websocket",
|
||||
"drawio-cp",
|
||||
"drawio",
|
||||
"pako",
|
||||
"x2js"
|
||||
].forEach(l => {
|
||||
|
|
|
@ -178,7 +178,7 @@ define([
|
|||
// starting the CryptPad framework
|
||||
framework.start();
|
||||
|
||||
drawioFrame.src = '/components/drawio-cp/src/main/webapp/index.html?'
|
||||
drawioFrame.src = '/components/drawio/src/main/webapp/index.html?'
|
||||
+ new URLSearchParams({
|
||||
test: 1,
|
||||
stealth: 1,
|
||||
|
|