From ae70a35075fc7b28168dc2be606044f8fd0378e3 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 5 Apr 2022 08:38:13 +0200 Subject: [PATCH] remove sandbox --- conf/config.js | 2 +- conf/nginx.conf | 64 ------------------------------------------------- manifest.json | 8 ------- scripts/install | 2 -- 4 files changed, 1 insertion(+), 75 deletions(-) diff --git a/conf/config.js b/conf/config.js index b27b979..9e79c87 100644 --- a/conf/config.js +++ b/conf/config.js @@ -72,7 +72,7 @@ module.exports = { * * CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS. */ - httpSafeOrigin: "https://__SANDBOX_DOMAIN__", + //httpSafeOrigin: "https://_SANDBOX_DOMAIN_", /* httpAddress specifies the address on which the nodejs server * should be accessible. By default it will listen on 127.0.0.1 diff --git a/conf/nginx.conf b/conf/nginx.conf index 241e988..1fd74de 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
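Review bot: `httpSafeOrigin` is left unset by the new commented-out line in conf/config.js, although the comment directly above it still says to customize and uncomment it for production installations, so every install from this package ends up in the state the file itself marks as not production-ready. The new line also changes the placeholder from `__SANDBOX_DOMAIN__` to `_SANDBOX_DOMAIN_`, which the install-time substitution would presumably no longer match if someone uncomments it later; keep the original spelling, `//httpSafeOrigin: "https://__SANDBOX_DOMAIN__",`. The conf/nginx.conf hunks in this commit also delete the HSTS and `X-Content-Type-Options` headers, the CSP source variables, and the sandbox `server_name`. If dropping the separate sandbox origin is intended, I would add a comment here such as `// sandbox origin disabled: UI and key-holding frames share one origin` and say where those headers are set now. The `module.exports` object starts and ends outside the hunk.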
@@ -1,55 +1,3 @@
- set $main_domain "__DOMAIN__";
- set $sandbox_domain "__SANDBOX_DOMAIN__";
-
- set $allowed_origins "*";
- # set $allowed_origins "https://${sandbox_domain}";
-
- set $api_domain "api.__DOMAIN__";
- set $files_domain "files.__DOMAIN__";
-
- server_name __DOMAIN__ __SANDBOX_DOMAIN__;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Content-Type-Options nosniff;
- add_header Access-Control-Allow-Origin "${allowed_origins}";
- # add_header X-Frame-Options "SAMEORIGIN";
- add_header Cross-Origin-Resource-Policy cross-origin;
- add_header Cross-Origin-Embedder-Policy require-corp;
-
- # any static assets loaded with "ver=" in their URL will be cached for a year
- if ($args ~ ver=) {
- set $cacheControl max-age=31536000;
- }
- if ($uri ~ ^/.*(\/|\.html)$) {
- set $cacheControl no-cache;
- }
- # Will not set any header if it is emptystring
- add_header Cache-Control $cacheControl;
-
- set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
- set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
- set $fontSrc "'self' data: https://${main_domain}";
- set $imgSrc "'self' data: blob: https://${main_domain}";
- set $frameSrc "'self' https://${sandbox_domain} blob:";
- set $mediaSrc "blob:";
- set $childSrc "https://${main_domain}";
- set $workerSrc "'self'";
- set $scriptSrc "'self' resource: https://${main_domain}";
-
- set $frameAncestors "'self' https://${main_domain}";
- # set $frameAncestors "'self' https: vector:";
-
- set $unsafe 0;
-
- if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
- if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
- if ($host != $sandbox_domain) { set $unsafe 0; }
- if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
- if ($unsafe) {
- set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
- } - location ^~ / { proxy_pass http://127.0.0.1:__PORT__; @@ -68,15 +16,3 @@ location ^~ / { include conf.d/yunohost_panel.conf.inc; more_clear_input_headers 'Accept-Encoding'; } - - location ^~ /cryptpad_websocket { - proxy_pass http://localhost:__PORT__; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - # WebSocket support (nginx 1.4) - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; - } \ No newline at end of file diff --git a/manifest.json b/manifest.json index 9ce7af4..1591152 100644 --- a/manifest.json +++ b/manifest.json @@ -38,14 +38,6 @@ "fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié." } }, - { - "name": "sandbox_domain", - "type": "domain", - "help": { - "en": "CryptPad needs to be installed in a dedicated domain or sub-domain.", - "fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié." - } - }, { "name": "admin", "type": "user" diff --git a/scripts/install b/scripts/install index 4ff38ba..eaa37bb 100644 --- a/scripts/install +++ b/scripts/install @@ -28,7 +28,6 @@ is_public=$YNH_APP_ARG_IS_PUBLIC path_url="/" admin=$YNH_APP_ARG_ADMIN email=$(ynh_user_get_info --username=$admin --key=mail) -sandbox_domain=$YNH_APP_ARG_SANDBOX_DOMAIN app=$YNH_APP_INSTANCE_NAME @@ -50,7 +49,6 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path_url --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=sandbox_domain --value=$sandbox_domain #================================================= # STANDARD MODIFICATIONS