From 0be64ac95899b9ee8626b04d573d0c26e743e640 Mon Sep 17 00:00:00 2001
From: ansuz <git@ansuz.xyz>
Date: Wed, 11 May 2022 13:12:12 +0530
Subject: [PATCH] simplify accounts configuration on dev instances

---
 lib/defaults.js     | 3 ++-
 lib/env.js          | 1 +
 www/checkup/main.js | 5 +++--
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/defaults.js b/lib/defaults.js
index 5078c9a84..e3920d79e 100644
--- a/lib/defaults.js
+++ b/lib/defaults.js
@@ -5,6 +5,7 @@ Default.commonCSP = function (Env) {
     var sandbox = Env.httpSafeOrigin;
     sandbox = (sandbox && sandbox !== domain? ' ' + sandbox: '');
     // Content-Security-Policy
+    var accounts_api = Env.accounts_api? ' ' + Env.accounts_api: '';
 
     return [
         "default-src 'none'",
@@ -25,7 +26,7 @@ Default.commonCSP = function (Env) {
             if you are deploying to production, you'll probably want to remove
             the ws://* directive
          */
-        "connect-src 'self' blob: " + (/^https:/.test(domain)? 'wss:': domain.replace('http://', 'ws://')) + ' ' + domain + sandbox,
+        "connect-src 'self' blob: " + (/^https:/.test(domain)? 'wss:': domain.replace('http://', 'ws://')) + ' ' + domain + sandbox + accounts_api,
 
         // data: is used by codemirror
         "img-src 'self' data: blob:" + domain,
diff --git a/lib/env.js b/lib/env.js
index ad5aff081..4ead99b06 100644
--- a/lib/env.js
+++ b/lib/env.js
@@ -73,6 +73,7 @@ module.exports.create = function (config) {
         fileHost: config.fileHost || undefined,
         NO_SANDBOX: NO_SANDBOX,
         httpSafePort: httpSafePort,
+        accounts_api: config.accounts_api || undefined, // XXX
 
         shouldUpdateNode: !isRecentVersion(),
 
diff --git a/www/checkup/main.js b/www/checkup/main.js
index ceede953c..4632dfd9a 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -75,6 +75,7 @@ define([
     var trimmedSafe = trimSlashes(ApiConfig.httpSafeOrigin);
     var trimmedUnsafe = trimSlashes(ApiConfig.httpUnsafeOrigin);
     var fileHost = ApiConfig.fileHost;
+    var accounts_api = ApiConfig.accounts_api || AppConfig.accounts_api || undefined;
 
     var getAPIPlaceholderPath = function (relative) {
         var absolute;
@@ -986,7 +987,7 @@ define([
                     API_URL.origin,
                     isHTTPS(fileHost)? fileHost: undefined,
                     // support for cryptpad.fr configuration
-                    AppConfig.accounts_api,
+                    accounts_api,
                     ![trimmedUnsafe, trimmedSafe].includes(ACCOUNTS_URL)? ACCOUNTS_URL: undefined,
                 ],
 
@@ -1025,7 +1026,7 @@ define([
                     $sandbox,
                     API_URL.origin,
                     isHTTPS(fileHost)? fileHost: undefined,
-                    AppConfig.accounts_api,
+                    accounts_api,
                     ![trimmedUnsafe, trimmedSafe].includes(ACCOUNTS_URL)? ACCOUNTS_URL: undefined,
                 ],
                 'img-src': ["'self'", 'data:', 'blob:', $outer],