mirror of
https://github.com/YunoHost-Apps/cryptpad_ynh.git
synced 2024-09-03 18:26:14 +02:00
remove sandbox
This commit is contained in:
parent
9219a7da5b
commit
ae70a35075
4 changed files with 1 additions and 75 deletions
|
@ -72,7 +72,7 @@ module.exports = {
|
||||||
*
|
*
|
||||||
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
|
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
|
||||||
*/
|
*/
|
||||||
httpSafeOrigin: "https://__SANDBOX_DOMAIN__",
|
//httpSafeOrigin: "https://_SANDBOX_DOMAIN_",
|
||||||
|
|
||||||
/* httpAddress specifies the address on which the nodejs server
|
/* httpAddress specifies the address on which the nodejs server
|
||||||
* should be accessible. By default it will listen on 127.0.0.1
|
* should be accessible. By default it will listen on 127.0.0.1
|
||||||
|
|
|
@ -1,55 +1,3 @@
|
||||||
set $main_domain "__DOMAIN__";
|
|
||||||
set $sandbox_domain "__SANDBOX_DOMAIN__";
|
|
||||||
|
|
||||||
set $allowed_origins "*";
|
|
||||||
# set $allowed_origins "https://${sandbox_domain}";
|
|
||||||
|
|
||||||
set $api_domain "api.__DOMAIN__";
|
|
||||||
set $files_domain "files.__DOMAIN__";
|
|
||||||
|
|
||||||
server_name __DOMAIN__ __SANDBOX_DOMAIN__;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
add_header Access-Control-Allow-Origin "${allowed_origins}";
|
|
||||||
# add_header X-Frame-Options "SAMEORIGIN";
|
|
||||||
add_header Cross-Origin-Resource-Policy cross-origin;
|
|
||||||
add_header Cross-Origin-Embedder-Policy require-corp;
|
|
||||||
|
|
||||||
# any static assets loaded with "ver=" in their URL will be cached for a year
|
|
||||||
if ($args ~ ver=) {
|
|
||||||
set $cacheControl max-age=31536000;
|
|
||||||
}
|
|
||||||
if ($uri ~ ^/.*(\/|\.html)$) {
|
|
||||||
set $cacheControl no-cache;
|
|
||||||
}
|
|
||||||
# Will not set any header if it is emptystring
|
|
||||||
add_header Cache-Control $cacheControl;
|
|
||||||
|
|
||||||
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
|
|
||||||
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
|
|
||||||
set $fontSrc "'self' data: https://${main_domain}";
|
|
||||||
set $imgSrc "'self' data: blob: https://${main_domain}";
|
|
||||||
set $frameSrc "'self' https://${sandbox_domain} blob:";
|
|
||||||
set $mediaSrc "blob:";
|
|
||||||
set $childSrc "https://${main_domain}";
|
|
||||||
set $workerSrc "'self'";
|
|
||||||
set $scriptSrc "'self' resource: https://${main_domain}";
|
|
||||||
|
|
||||||
set $frameAncestors "'self' https://${main_domain}";
|
|
||||||
# set $frameAncestors "'self' https: vector:";
|
|
||||||
|
|
||||||
set $unsafe 0;
|
|
||||||
|
|
||||||
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
|
|
||||||
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
|
|
||||||
if ($host != $sandbox_domain) { set $unsafe 0; }
|
|
||||||
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
|
|
||||||
if ($unsafe) {
|
|
||||||
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
|
|
||||||
}
|
|
||||||
|
|
||||||
location ^~ / {
|
location ^~ / {
|
||||||
|
|
||||||
proxy_pass http://127.0.0.1:__PORT__;
|
proxy_pass http://127.0.0.1:__PORT__;
|
||||||
|
@ -68,15 +16,3 @@ location ^~ / {
|
||||||
include conf.d/yunohost_panel.conf.inc;
|
include conf.d/yunohost_panel.conf.inc;
|
||||||
more_clear_input_headers 'Accept-Encoding';
|
more_clear_input_headers 'Accept-Encoding';
|
||||||
}
|
}
|
||||||
|
|
||||||
location ^~ /cryptpad_websocket {
|
|
||||||
proxy_pass http://localhost:__PORT__;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# WebSocket support (nginx 1.4)
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection upgrade;
|
|
||||||
}
|
|
|
@ -38,14 +38,6 @@
|
||||||
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
|
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"name": "sandbox_domain",
|
|
||||||
"type": "domain",
|
|
||||||
"help": {
|
|
||||||
"en": "CryptPad needs to be installed in a dedicated domain or sub-domain.",
|
|
||||||
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
"name": "admin",
|
"name": "admin",
|
||||||
"type": "user"
|
"type": "user"
|
||||||
|
|
|
@ -28,7 +28,6 @@ is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||||
path_url="/"
|
path_url="/"
|
||||||
admin=$YNH_APP_ARG_ADMIN
|
admin=$YNH_APP_ARG_ADMIN
|
||||||
email=$(ynh_user_get_info --username=$admin --key=mail)
|
email=$(ynh_user_get_info --username=$admin --key=mail)
|
||||||
sandbox_domain=$YNH_APP_ARG_SANDBOX_DOMAIN
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
|
@ -50,7 +49,6 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
||||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||||
ynh_app_setting_set --app=$app --key=path_url --value=$path_url
|
ynh_app_setting_set --app=$app --key=path_url --value=$path_url
|
||||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||||
ynh_app_setting_set --app=$app --key=sandbox_domain --value=$sandbox_domain
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD MODIFICATIONS
|
# STANDARD MODIFICATIONS
|
||||||
|
|
Loading…
Reference in a new issue