author | Lauri Ojansivu <x@xet7.org> | 2018-08-16 14:29:38 +0300 |
---|---|---|
committer | Lauri Ojansivu <x@xet7.org> | 2018-08-16 14:29:38 +0300 |
commit | b3005f828dbf69bdf174d4bcd7654310fa9e0968 (patch) | |
tree | cef3291cd34b777fd35f2b7d635699d5a0f39df4 | |
parent | 36447ba1c0bf961b3f7a5cde0a82c240489c80e9 (diff) | |
download | wekan-b3005f828dbf69bdf174d4bcd7654310fa9e0968.tar.gz wekan-b3005f828dbf69bdf174d4bcd7654310fa9e0968.tar.bz2 wekan-b3005f828dbf69bdf174d4bcd7654310fa9e0968.zip |
- Use only framing policy, not all of content policy.
- Fix Date and Time Formats are only US in every language.
Thanks to xet7 !
Closes #1833
-rw-r--r-- | .meteor/packages | 6 | ||||
-rw-r--r-- | .meteor/versions | 2 | ||||
-rw-r--r-- | server/policy.js | 16 |
3 files changed, 11 insertions, 13 deletions
diff --git a/.meteor/packages b/.meteor/packages
index e76e15fb..13f1384a 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -49,7 +49,6 @@ kadira:dochead
 meteorhacks:picker
 meteorhacks:subs-manager
 mquandalle:autofocus
-mquandalle:moment
 ongoworks:speakingurl
 raix:handlebar-helpers
 tap:i18n
@@ -81,8 +80,9 @@ staringatlights:fast-render
 mixmax:smart-disconnect
 accounts-password@1.5.0
 cfs:gridfs
-browser-policy
 eluck:accounts-lockout
 rzymek:fullcalendar
 momentjs:moment@2.22.2
-atoy40:accounts-cas
\ No newline at end of file
+atoy40:accounts-cas
+browser-policy-framing
+mquandalle:moment
diff --git a/.meteor/versions b/.meteor/versions
index 9de09a74..f3470d97 100644
--- a/.meteor/versions
+++ b/.meteor/versions
@@ -19,9 +19,7 @@ binary-heap@1.0.10
 blaze@2.3.2
 blaze-tools@1.0.10
 boilerplate-generator@1.3.1
-browser-policy@1.1.0
 browser-policy-common@1.0.11
-browser-policy-content@1.1.0
 browser-policy-framing@1.1.0
 caching-compiler@1.1.9
 caching-html-compiler@1.1.2
diff --git a/server/policy.js b/server/policy.js
index 94f80b21..02a42cd4 100644
--- a/server/policy.js
+++ b/server/policy.js
@@ -8,27 +8,27 @@ Meteor.startup(() => { BrowserPolicy.framing.disallow(); //Allow inline scripts, otherwise there is errors in browser/inspect/console //BrowserPolicy.content.disallowInlineScripts(); - BrowserPolicy.content.disallowEval(); - BrowserPolicy.content.allowInlineStyles(); - BrowserPolicy.content.allowFontDataUrl(); + //BrowserPolicy.content.disallowEval(); + //BrowserPolicy.content.allowInlineStyles(); + //BrowserPolicy.content.allowFontDataUrl(); BrowserPolicy.framing.restrictToOrigin(trusted); - BrowserPolicy.content.allowScriptOrigin(trusted); + //BrowserPolicy.content.allowScriptOrigin(trusted); } else { // Disable browser policy and allow all framing and including. // Use only at internal LAN, not at Internet. BrowserPolicy.framing.allowAll(); - BrowserPolicy.content.allowDataUrlForAll(); + //BrowserPolicy.content.allowDataUrlForAll(); } // Allow all images from anywhere - BrowserPolicy.content.allowImageOrigin('*'); + //BrowserPolicy.content.allowImageOrigin('*'); // If Matomo URL is set, allow it. const matomoUrl = process.env.MATOMO_ADDRESS; if (matomoUrl){ - BrowserPolicy.content.allowScriptOrigin(matomoUrl); - BrowserPolicy.content.allowImageOrigin(matomoUrl); + //BrowserPolicy.content.allowScriptOrigin(matomoUrl); + //BrowserPolicy.content.allowImageOrigin(matomoUrl); } }); |
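Review bot: As far as these hunks show, no content policy is set after this change: every `BrowserPolicy.content.*` call in the `server/policy.js` hunk is commented out, and `.meteor/packages` swaps `browser-policy` for `browser-policy-framing`. The previously active `disallowEval()` and the script-origin restriction are gone, leaving the framing restriction as the only browser-side control. If one directive caused the date and time format problem named in the commit message, it would be safer to keep the content package and relax only that directive, which the message does not identify. The hunk also leaves stale comments and an empty `if (matomoUrl){ }` block, so I would delete the commented-out calls and add one line above `BrowserPolicy.framing.restrictToOrigin(trusted);`, such as `// No Content-Security-Policy is set here; only framing is restricted.` The enclosing `Meteor.startup` callback and the `if` branch that declares `trusted` begin outside the hunk.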