Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-27 11:46:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Removed browser contect policy so that attachments would be visible. Part 2.

Browse source 
Thanks to xet7 !

Fixes #4468
This commit is contained in:
Lauri Ojansivu 2022-04-08 18:37:51 +03:00
parent f824eab198
commit 12448ab473
3 changed files with 3 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
server/policy.js
View file

@ -15,18 +15,18 @@ Meteor.startup(() => {
if (process.env.BROWSER_POLICY_ENABLED === 'true') {
// Trusted URL that can embed Wekan in iFrame.
const trusted = process.env.TRUSTED_URL;
BrowserPolicy.framing.disallow();
////BrowserPolicy.framing.disallow();
//Allow inline scripts, otherwise there is errors in browser/inspect/console
//BrowserPolicy.content.disallowInlineScripts();
//BrowserPolicy.content.disallowEval();
//BrowserPolicy.content.allowInlineStyles();
//BrowserPolicy.content.allowFontDataUrl();
BrowserPolicy.framing.restrictToOrigin(trusted);
////BrowserPolicy.framing.restrictToOrigin(trusted);
//BrowserPolicy.content.allowScriptOrigin(trusted);
} else {
// Disable browser policy and allow all framing and including.
// Use only at internal LAN, not at Internet.
BrowserPolicy.framing.allowAll();
////BrowserPolicy.framing.allowAll();
}