blitzwing/cryptpad
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add 'resource:' to script-src to enable shared-worker debugging in firefox

Browse source
This commit is contained in:
ansuz 2020-02-17 12:48:10 -05:00
parent 626a031115
commit ecce654ca6
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/example.nginx.conf
View file

@ -96,7 +96,7 @@ server {
set $workerSrc "https://${main_domain}"; set $workerSrc "https://${main_domain}";
# script-src specifies valid sources for javascript, including inline handlers # script-src specifies valid sources for javascript, including inline handlers
set $scriptSrc "'self' ${main_domain}"; set $scriptSrc "'self' resource: ${main_domain}";
set $unsafe 0; set $unsafe 0;
# the following assets are loaded via the sandbox domain # the following assets are loaded via the sandbox domain
@ -110,7 +110,7 @@ server {
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied # privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
if ($unsafe) { if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' ${main_domain}"; set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: ${main_domain}";
} }
# Finally, set all the rules you composed above. # Finally, set all the rules you composed above.