mirror of
https://github.com/YunoHost-Apps/cryptpad_ynh.git
synced 2024-09-03 18:26:14 +02:00
remove sandbox
This commit is contained in:
ericgaspar
parent
9219a7da5b
commit
ae70a35075
4 changed files with 1 additions and 75 deletions
|
|
@ -72,7 +72,7 @@ module.exports = {
|
|||
*
|
||||
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
|
||||
*/
|
||||
httpSafeOrigin: "https://__SANDBOX_DOMAIN__",
|
||||
//httpSafeOrigin: "https://_SANDBOX_DOMAIN_",
|
||||
|
||||
/* httpAddress specifies the address on which the nodejs server
|
||||
* should be accessible. By default it will listen on 127.0.0.1
|
||||
|
|
|
|||
|
|
@ -1,55 +1,3 @@
|
|||
set $main_domain "__DOMAIN__";
|
||||
set $sandbox_domain "__SANDBOX_DOMAIN__";
|
||||
|
||||
set $allowed_origins "*";
|
||||
# set $allowed_origins "https://${sandbox_domain}";
|
||||
|
||||
set $api_domain "api.__DOMAIN__";
|
||||
set $files_domain "files.__DOMAIN__";
|
||||
|
||||
server_name __DOMAIN__ __SANDBOX_DOMAIN__;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Access-Control-Allow-Origin "${allowed_origins}";
|
||||
# add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header Cross-Origin-Resource-Policy cross-origin;
|
||||
add_header Cross-Origin-Embedder-Policy require-corp;
|
||||
|
||||
# any static assets loaded with "ver=" in their URL will be cached for a year
|
||||
if ($args ~ ver=) {
|
||||
set $cacheControl max-age=31536000;
|
||||
}
|
||||
if ($uri ~ ^/.*(\/|\.html)$) {
|
||||
set $cacheControl no-cache;
|
||||
}
|
||||
# Will not set any header if it is emptystring
|
||||
add_header Cache-Control $cacheControl;
|
||||
|
||||
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
|
||||
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
|
||||
set $fontSrc "'self' data: https://${main_domain}";
|
||||
set $imgSrc "'self' data: blob: https://${main_domain}";
|
||||
set $frameSrc "'self' https://${sandbox_domain} blob:";
|
||||
set $mediaSrc "blob:";
|
||||
set $childSrc "https://${main_domain}";
|
||||
set $workerSrc "'self'";
|
||||
set $scriptSrc "'self' resource: https://${main_domain}";
|
||||
|
||||
set $frameAncestors "'self' https://${main_domain}";
|
||||
# set $frameAncestors "'self' https: vector:";
|
||||
|
||||
set $unsafe 0;
|
||||
|
||||
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
|
||||
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
|
||||
if ($host != $sandbox_domain) { set $unsafe 0; }
|
||||
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
|
||||
if ($unsafe) {
|
||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
||||
}
|
||||
|
||||
location ^~ / {
|
||||
|
||||
proxy_pass http://127.0.0.1:__PORT__;
|
||||
|
|
@ -68,15 +16,3 @@ location ^~ / {
|
|||
include conf.d/yunohost_panel.conf.inc;
|
||||
more_clear_input_headers 'Accept-Encoding';
|
||||
}
|
||||
|
||||
location ^~ /cryptpad_websocket {
|
||||
proxy_pass http://localhost:__PORT__;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# WebSocket support (nginx 1.4)
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection upgrade;
|
||||
}
|
||||
|
|
@ -38,14 +38,6 @@
|
|||
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "sandbox_domain",
|
||||
"type": "domain",
|
||||
"help": {
|
||||
"en": "CryptPad needs to be installed in a dedicated domain or sub-domain.",
|
||||
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"type": "user"
|
||||
|
|
|
|||
|
|
@ -28,7 +28,6 @@ is_public=$YNH_APP_ARG_IS_PUBLIC
|
|||
path_url="/"
|
||||
admin=$YNH_APP_ARG_ADMIN
|
||||
email=$(ynh_user_get_info --username=$admin --key=mail)
|
||||
sandbox_domain=$YNH_APP_ARG_SANDBOX_DOMAIN
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
|
|
@ -50,7 +49,6 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
|||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||
ynh_app_setting_set --app=$app --key=path_url --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||
ynh_app_setting_set --app=$app --key=sandbox_domain --value=$sandbox_domain
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
|
|
|
|||
Loading…
Reference in a new issue