
Don't allow cryptpad registrations plus no content security policy

CSP causes things to fail
Bob Mottram 8 years ago
parent
commit
01ce3b7457
1 changed files with 9 additions and 3 deletions

+ 9
- 3
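--- a/src/freedombone-app-cryptpad
+++ b/src/freedombone-app-cryptpad
@@ -376,6 +376,10 @@ function install_cryptpad_main {
         echo '    try_files $uri =404;' >> $cryptpad_nginx_site
         echo '  }' >> $cryptpad_nginx_site
         echo '' >> $cryptpad_nginx_site
+        echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
+        echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+        echo '  }' >> $cryptpad_nginx_site
+        echo '' >> $cryptpad_nginx_site
         echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
         echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
         echo '  }' >> $cryptpad_nginx_site
@@ -406,8 +410,6 @@ function install_cryptpad_main {
     echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
     echo '  }' >> $cryptpad_nginx_site
     echo '' >> $cryptpad_nginx_site
-    echo "  add_header Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob: font-src self\";" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
     echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
     echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
     echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
@@ -437,6 +439,10 @@ function install_cryptpad_main {
     echo '    try_files $uri =404;' >> $cryptpad_nginx_site
     echo '  }' >> $cryptpad_nginx_site
     echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
     echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
     echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
     echo '  }' >> $cryptpad_nginx_site
@@ -445,7 +451,7 @@ function install_cryptpad_main {
     echo '}' >> $cryptpad_nginx_site
 
     sed -i 's|DENY;|SAMEORIGIN;|g' $cryptpad_nginx_site
-    sed -i "s|Content-Security-Policy.*|Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob: font-src self\";|g" $cryptpad_nginx_site
+    sed -i "/Content-Security-Policy/d" $cryptpad_nginx_site
 
     function_check create_site_certificate
     create_site_certificate $CRYPTPAD_DOMAIN_NAME 'yes'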
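Review bot: The `sed -i "/Content-Security-Policy/d"` in the last hunk, together with the dropped `add_header` line in the second hunk, removes the CSP header altogether rather than relaxing whichever directive broke the app, so unless a policy is set elsewhere the generated site ships with no script- or frame-source restriction at all; a cheaper first step is to keep the same value under `Content-Security-Policy-Report-Only`, which surfaces the violations in browser consoles without blocking anything, and reinstate an enforced header once the offending sources are known. The new `location ^~ /register/` blocks in the first and third hunks rely on `try_files $uri =404;`, which still serves any file that exists under the document root at the requested path, so whether they actually withhold the registration page depends on the deployed tree; `return 404;` inside the block refuses unconditionally and states the intent. The same four `echo` lines are emitted twice, once per server block, which invites the two copies drifting apart; a small function taking the indent as an argument would keep them in one place. install_cryptpad_main starts and ends outside these hunks.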