1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cryptpad_ynh.git synced 2024-09-03 18:26:14 +02:00

remove sandbox

This commit is contained in:
ericgaspar 2022-04-05 08:38:13 +02:00
parent 9219a7da5b
commit ae70a35075
No known key found for this signature in database
GPG key ID: 574F281483054D44
4 changed files with 1 additions and 75 deletions

View file

@ -72,7 +72,7 @@ module.exports = {
* *
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS. * CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
*/ */
httpSafeOrigin: "https://__SANDBOX_DOMAIN__", //httpSafeOrigin: "https://_SANDBOX_DOMAIN_",
/* httpAddress specifies the address on which the nodejs server /* httpAddress specifies the address on which the nodejs server
* should be accessible. By default it will listen on 127.0.0.1 * should be accessible. By default it will listen on 127.0.0.1

View file

@ -1,55 +1,3 @@
set $main_domain "__DOMAIN__";
set $sandbox_domain "__SANDBOX_DOMAIN__";
set $allowed_origins "*";
# set $allowed_origins "https://${sandbox_domain}";
set $api_domain "api.__DOMAIN__";
set $files_domain "files.__DOMAIN__";
server_name __DOMAIN__ __SANDBOX_DOMAIN__;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Access-Control-Allow-Origin "${allowed_origins}";
# add_header X-Frame-Options "SAMEORIGIN";
add_header Cross-Origin-Resource-Policy cross-origin;
add_header Cross-Origin-Embedder-Policy require-corp;
# any static assets loaded with "ver=" in their URL will be cached for a year
if ($args ~ ver=) {
set $cacheControl max-age=31536000;
}
if ($uri ~ ^/.*(\/|\.html)$) {
set $cacheControl no-cache;
}
# Will not set any header if it is emptystring
add_header Cache-Control $cacheControl;
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
set $fontSrc "'self' data: https://${main_domain}";
set $imgSrc "'self' data: blob: https://${main_domain}";
set $frameSrc "'self' https://${sandbox_domain} blob:";
set $mediaSrc "blob:";
set $childSrc "https://${main_domain}";
set $workerSrc "'self'";
set $scriptSrc "'self' resource: https://${main_domain}";
set $frameAncestors "'self' https://${main_domain}";
# set $frameAncestors "'self' https: vector:";
set $unsafe 0;
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
if ($host != $sandbox_domain) { set $unsafe 0; }
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
}
location ^~ / { location ^~ / {
proxy_pass http://127.0.0.1:__PORT__; proxy_pass http://127.0.0.1:__PORT__;
@ -68,15 +16,3 @@ location ^~ / {
include conf.d/yunohost_panel.conf.inc; include conf.d/yunohost_panel.conf.inc;
more_clear_input_headers 'Accept-Encoding'; more_clear_input_headers 'Accept-Encoding';
} }
location ^~ /cryptpad_websocket {
proxy_pass http://localhost:__PORT__;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}

View file

@ -38,14 +38,6 @@
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié." "fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
} }
}, },
{
"name": "sandbox_domain",
"type": "domain",
"help": {
"en": "CryptPad needs to be installed in a dedicated domain or sub-domain.",
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
}
},
{ {
"name": "admin", "name": "admin",
"type": "user" "type": "user"

View file

@ -28,7 +28,6 @@ is_public=$YNH_APP_ARG_IS_PUBLIC
path_url="/" path_url="/"
admin=$YNH_APP_ARG_ADMIN admin=$YNH_APP_ARG_ADMIN
email=$(ynh_user_get_info --username=$admin --key=mail) email=$(ynh_user_get_info --username=$admin --key=mail)
sandbox_domain=$YNH_APP_ARG_SANDBOX_DOMAIN
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -50,7 +49,6 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path_url --value=$path_url ynh_app_setting_set --app=$app --key=path_url --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=sandbox_domain --value=$sandbox_domain
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS