
Don't allow cryptpad registrations plus no content security policy

csp causes things to fail
Bob Mottram 8 年之前
01ce3b7457
共有 1 個文件被更改,包括 9 次插入3 次删除

+ 9
- 3
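--- a/src/freedombone-app-cryptpad
+++ b/src/freedombone-app-cryptpad
@@ -376,6 +376,10 @@
         echo '    try_files $uri =404;' >> $cryptpad_nginx_site
         echo '  }' >> $cryptpad_nginx_site
         echo '' >> $cryptpad_nginx_site
+        echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
+        echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+        echo '  }' >> $cryptpad_nginx_site
+        echo '' >> $cryptpad_nginx_site
         echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
         echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
         echo '  }' >> $cryptpad_nginx_site
@@ -406,8 +410,6 @@
     echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
     echo '  }' >> $cryptpad_nginx_site
     echo '' >> $cryptpad_nginx_site
-    echo "  add_header Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob: font-src self\";" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
     echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
     echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
     echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
@@ -437,6 +439,10 @@
     echo '    try_files $uri =404;' >> $cryptpad_nginx_site
     echo '  }' >> $cryptpad_nginx_site
     echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
     echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
     echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
     echo '  }' >> $cryptpad_nginx_site
@@ -445,7 +451,7 @@
     echo '}' >> $cryptpad_nginx_site
 
     sed -i 's|DENY;|SAMEORIGIN;|g' $cryptpad_nginx_site
-    sed -i "s|Content-Security-Policy.*|Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob: font-src self\";|g" $cryptpad_nginx_site
+    sed -i "/Content-Security-Policy/d" $cryptpad_nginx_site
 
     function_check create_site_certificate
     create_site_certificate $CRYPTPAD_DOMAIN_NAME 'yes'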
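Review bot: The Content-Security-Policy header removed at old line 409 (and re-written by the sed at old line 448) was malformed — `img-src data: * blob: font-src self` lacks the `;` before `font-src` and `self` is unquoted, so the whole tail is parsed as one img-src list and no font-src directive is ever set — which is a plausible cause of the "csp causes things to fail" symptom; deleting the header drops the mitigation instead of fixing the directive, so consider emitting a corrected policy, e.g. `echo "  add_header Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob:; font-src 'self'\";" >> $cryptpad_nginx_site`, and keep the new `sed -i "/Content-Security-Policy/d"` only if the header is intentionally gone. The new `location ^~ /register/ { try_files $uri =404; }` block (both copies, new lines 379–382 and 442–445) returns 404 only when nothing under the server root matches `$uri`; if the root contains a `register/` directory the page would presumably still be served, whereas `return 404;` would refuse it unconditionally — verify against the served tree. Hiding the registration page also does not by itself prevent account creation through the backend, so a server-side CryptPad setting, if one exists, would be the stronger control. The enclosing functions start and end outside this section.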