blitzwing/cryptpad
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'basic-auth' into authentication

Browse source
This commit is contained in:
ansuz 2023-03-20 13:44:10 +05:30
commit ee5d270d6a
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
docs/example.nginx.conf
View file

@ -82,6 +82,7 @@ server {
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header Access-Control-Allow-Origin "${allowed_origins}"; add_header Access-Control-Allow-Origin "${allowed_origins}";
add_header Access-Control-Allow-Credentials true;
# add_header X-Frame-Options "SAMEORIGIN"; # add_header X-Frame-Options "SAMEORIGIN";
# Opt out of Google's FLoC Network # Opt out of Google's FLoC Network
@ -219,6 +220,7 @@ server {
location ^~ /blob/ { location ^~ /blob/ {
if ($request_method = 'OPTIONS') { if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' "${allowed_origins}"; add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
add_header 'Access-Control-Allow-Credentials' true;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Max-Age' 1728000; add_header 'Access-Control-Max-Age' 1728000;
@ -229,6 +231,7 @@ server {
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header Cache-Control max-age=31536000; add_header Cache-Control max-age=31536000;
add_header 'Access-Control-Allow-Origin' "${allowed_origins}"; add_header 'Access-Control-Allow-Origin' "${allowed_origins}";
add_header 'Access-Control-Allow-Credentials' true;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'; add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';
add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length'; add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length';

4
www/common/media-tag.js
View file

@ -244,6 +244,7 @@ var factory = function () {
var check = function () { var check = function () {
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open("HEAD", src); xhr.open("HEAD", src);
xhr.withCredentials = true;
xhr.onerror = function () { return void cb("XHR_ERROR"); }; xhr.onerror = function () { return void cb("XHR_ERROR"); };
xhr.onreadystatechange = function() { xhr.onreadystatechange = function() {
if (this.readyState === this.DONE) { if (this.readyState === this.DONE) {
@ -276,6 +277,7 @@ var factory = function () {
var fetch = function () { var fetch = function () {
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open('GET', src, true); xhr.open('GET', src, true);
xhr.withCredentials = true;
xhr.responseType = 'arraybuffer'; xhr.responseType = 'arraybuffer';
var progress = function (offset) { var progress = function (offset) {
@ -387,6 +389,7 @@ var factory = function () {
var fetch = function () { var fetch = function () {
var xhr = new XMLHttpRequest(); var xhr = new XMLHttpRequest();
xhr.open('GET', src, true); xhr.open('GET', src, true);
xhr.withCredentials = true;
xhr.setRequestHeader('Range', 'bytes=0-1'); xhr.setRequestHeader('Range', 'bytes=0-1');
xhr.responseType = 'arraybuffer'; xhr.responseType = 'arraybuffer';
@ -399,6 +402,7 @@ var factory = function () {
var xhr2 = new XMLHttpRequest(); var xhr2 = new XMLHttpRequest();
xhr2.open("GET", src, true); xhr2.open("GET", src, true);
xhr2.withCredentials = true;
xhr2.setRequestHeader('Range', 'bytes=2-' + (size + 2)); xhr2.setRequestHeader('Range', 'bytes=2-' + (size + 2));
xhr2.responseType = 'arraybuffer'; xhr2.responseType = 'arraybuffer';
xhr2.onload = function () { xhr2.onload = function () {