-rw-r--r-- | .meteor/packages | 6 | ||||
-rw-r--r-- | .meteor/versions | 2 | ||||
-rw-r--r-- | server/policy.js | 16 |
3 files changed, 11 insertions, 13 deletions
diff --git a/.meteor/packages b/.meteor/packages
index e76e15fb..13f1384a 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -49,7 +49,6 @@ kadira:dochead
 meteorhacks:picker
 meteorhacks:subs-manager
 mquandalle:autofocus
-mquandalle:moment
 ongoworks:speakingurl
 raix:handlebar-helpers
 tap:i18n
@@ -81,8 +80,9 @@ staringatlights:fast-render
 mixmax:smart-disconnect
 accounts-password@1.5.0
 cfs:gridfs
-browser-policy
 eluck:accounts-lockout
 rzymek:fullcalendar
 momentjs:moment@2.22.2
-atoy40:accounts-cas
\ No newline at end of file
+atoy40:accounts-cas
+browser-policy-framing
+mquandalle:moment
diff --git a/.meteor/versions b/.meteor/versions
index 9de09a74..f3470d97 100644
--- a/.meteor/versions
+++ b/.meteor/versions
@@ -19,9 +19,7 @@ binary-heap@1.0.10
 blaze@2.3.2
 blaze-tools@1.0.10
 boilerplate-generator@1.3.1
-browser-policy@1.1.0
 browser-policy-common@1.0.11
-browser-policy-content@1.1.0
 browser-policy-framing@1.1.0
 caching-compiler@1.1.9
 caching-html-compiler@1.1.2
diff --git a/server/policy.js b/server/policy.js
index 94f80b21..02a42cd4 100644
--- a/server/policy.js
+++ b/server/policy.js
@@ -8,27 +8,27 @@ Meteor.startup(() => { BrowserPolicy.framing.disallow(); //Allow inline scripts, otherwise there is errors in browser/inspect/console //BrowserPolicy.content.disallowInlineScripts(); - BrowserPolicy.content.disallowEval(); - BrowserPolicy.content.allowInlineStyles(); - BrowserPolicy.content.allowFontDataUrl(); + //BrowserPolicy.content.disallowEval(); + //BrowserPolicy.content.allowInlineStyles(); + //BrowserPolicy.content.allowFontDataUrl(); BrowserPolicy.framing.restrictToOrigin(trusted); - BrowserPolicy.content.allowScriptOrigin(trusted); + //BrowserPolicy.content.allowScriptOrigin(trusted); } else { // Disable browser policy and allow all framing and including. // Use only at internal LAN, not at Internet. BrowserPolicy.framing.allowAll(); - BrowserPolicy.content.allowDataUrlForAll(); + //BrowserPolicy.content.allowDataUrlForAll(); } // Allow all images from anywhere - BrowserPolicy.content.allowImageOrigin('*'); + //BrowserPolicy.content.allowImageOrigin('*'); // If Matomo URL is set, allow it. const matomoUrl = process.env.MATOMO_ADDRESS; if (matomoUrl){ - BrowserPolicy.content.allowScriptOrigin(matomoUrl); - BrowserPolicy.content.allowImageOrigin(matomoUrl); + //BrowserPolicy.content.allowScriptOrigin(matomoUrl); + //BrowserPolicy.content.allowImageOrigin(matomoUrl); } }); |
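Review bot: Every `BrowserPolicy.content.*` call in the `server/policy.js` hunk is now commented out and `browser-policy-content` is dropped from `.meteor/versions`, so the server presumably no longer sends a Content-Security-Policy header: `disallowEval()` and the script-origin restriction to `trusted` are gone, and only the framing rules remain. The file does not say that this is deliberate; a comment at the top of the `Meteor.startup` callback such as `// CSP (browser-policy-content) is intentionally not loaded; only framing is restricted here.` would record the decision and its reason. The dead lines are better deleted than left commented out, including the now-empty `if (matomoUrl){ … }` block and the stale `// Allow all images from anywhere` comment. If the content policy was removed only to work around a breakage, a narrower policy that keeps `disallowEval()` would preserve part of the XSS mitigation. The callback begins above the hunk, so the condition that selects the `trusted` branch is not visible here.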