Merge branch 'staging' of github.com:xwiki-labs/cryptpad into staging

2017-06-07 10:14:51 +02:00 · 2017-06-07 10:14:51 +02:00 · 5cbfc1a23c
commit 5cbfc1a23c
parent 2f851ab97e aa9aaefdea
2 changed files with 8 additions and 0 deletions
--- a/config.example.js
+++ b/config.example.js
@ -45,6 +45,9 @@ module.exports = {

        // data: is used by codemirror
        "img-src 'self' data: blob:",
+
+        // for accounts.cryptpad.fr authentication
+        "frame-ancestors 'self' accounts.cryptpad.fr",
    ].join('; '),

    // CKEditor requires significantly more lax content security policy in order to function.
--- a/server.js
+++ b/server.js
@ -34,6 +34,11 @@ var setHeaders = (function () {
    const headers = clone(config.httpHeaders);
    if (config.contentSecurity) {
        headers['Content-Security-Policy'] = clone(config.contentSecurity);
+        if (headers['Content-Security-Policy'].indexOf('frame-ancestors') === -1) {
+            // backward compat for those who do not merge the new version of the config
+            // when updating. This prevents endless spinner if someone clicks donate.
+            headers['Content-Security-Policy'] += "frame-ancestors 'self' accounts.cryptpad.fr;";
+        }
    }
    const padHeaders = clone(headers);
    if (config.padContentSecurity) {