Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-03 16:18:49 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

- Use only framing policy, not all of content policy.

Browse source 
- Fix Date and Time Formats are only US in every language.

Thanks to xet7 !

Closes #1833
This commit is contained in:
Lauri Ojansivu 2018-08-16 14:29:38 +03:00
parent 36447ba1c0
commit b3005f828d
3 changed files with 11 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

16
server/policy.js
View file

@ -8,27 +8,27 @@ Meteor.startup(() => {
BrowserPolicy.framing.disallow();
//Allow inline scripts, otherwise there is errors in browser/inspect/console
//BrowserPolicy.content.disallowInlineScripts();
BrowserPolicy.content.disallowEval();
BrowserPolicy.content.allowInlineStyles();
BrowserPolicy.content.allowFontDataUrl();
//BrowserPolicy.content.disallowEval();
//BrowserPolicy.content.allowInlineStyles();
//BrowserPolicy.content.allowFontDataUrl();
BrowserPolicy.framing.restrictToOrigin(trusted);
BrowserPolicy.content.allowScriptOrigin(trusted);
//BrowserPolicy.content.allowScriptOrigin(trusted);
}
else {
// Disable browser policy and allow all framing and including.
// Use only at internal LAN, not at Internet.
BrowserPolicy.framing.allowAll();
BrowserPolicy.content.allowDataUrlForAll();
//BrowserPolicy.content.allowDataUrlForAll();
}
// Allow all images from anywhere
BrowserPolicy.content.allowImageOrigin('*');
//BrowserPolicy.content.allowImageOrigin('*');
// If Matomo URL is set, allow it.
const matomoUrl = process.env.MATOMO_ADDRESS;
if (matomoUrl){
BrowserPolicy.content.allowScriptOrigin(matomoUrl);
BrowserPolicy.content.allowImageOrigin(matomoUrl);
//BrowserPolicy.content.allowScriptOrigin(matomoUrl);
//BrowserPolicy.content.allowImageOrigin(matomoUrl);
}
});