- Use only framing policy, not all of content policy.

- Fix date and time formats being US-only in every language.

Thanks to xet7 !

Closes #1833
Lauri Ojansivu 2018-08-16 14:29:38 +03:00
parent 36447ba1c0
commit b3005f828d
3 changed files with 11 additions and 13 deletions


@ -49,7 +49,6 @@ kadira:dochead
meteorhacks:picker meteorhacks:picker
meteorhacks:subs-manager meteorhacks:subs-manager
mquandalle:autofocus mquandalle:autofocus
mquandalle:moment
ongoworks:speakingurl ongoworks:speakingurl
raix:handlebar-helpers raix:handlebar-helpers
tap:i18n tap:i18n
@ -81,8 +80,9 @@ staringatlights:fast-render
mixmax:smart-disconnect mixmax:smart-disconnect
accounts-password@1.5.0 accounts-password@1.5.0
cfs:gridfs cfs:gridfs
browser-policy
eluck:accounts-lockout eluck:accounts-lockout
rzymek:fullcalendar rzymek:fullcalendar
momentjs:moment@2.22.2 momentjs:moment@2.22.2
atoy40:accounts-cas atoy40:accounts-cas
browser-policy-framing
mquandalle:moment


@ -19,9 +19,7 @@ binary-heap@1.0.10
blaze@2.3.2 blaze@2.3.2
blaze-tools@1.0.10 blaze-tools@1.0.10
boilerplate-generator@1.3.1 boilerplate-generator@1.3.1
browser-policy@1.1.0
browser-policy-common@1.0.11 browser-policy-common@1.0.11
browser-policy-content@1.1.0
browser-policy-framing@1.1.0 browser-policy-framing@1.1.0
caching-compiler@1.1.9 caching-compiler@1.1.9
caching-html-compiler@1.1.2 caching-html-compiler@1.1.2


@ -8,27 +8,27 @@ Meteor.startup(() => {
BrowserPolicy.framing.disallow(); BrowserPolicy.framing.disallow();
//Allow inline scripts, otherwise there is errors in browser/inspect/console //Allow inline scripts, otherwise there is errors in browser/inspect/console
//BrowserPolicy.content.disallowInlineScripts(); //BrowserPolicy.content.disallowInlineScripts();
BrowserPolicy.content.disallowEval(); //BrowserPolicy.content.disallowEval();
BrowserPolicy.content.allowInlineStyles(); //BrowserPolicy.content.allowInlineStyles();
BrowserPolicy.content.allowFontDataUrl(); //BrowserPolicy.content.allowFontDataUrl();
BrowserPolicy.framing.restrictToOrigin(trusted); BrowserPolicy.framing.restrictToOrigin(trusted);
BrowserPolicy.content.allowScriptOrigin(trusted); //BrowserPolicy.content.allowScriptOrigin(trusted);
} }
else { else {
// Disable browser policy and allow all framing and including. // Disable browser policy and allow all framing and including.
// Use only at internal LAN, not at Internet. // Use only at internal LAN, not at Internet.
BrowserPolicy.framing.allowAll(); BrowserPolicy.framing.allowAll();
BrowserPolicy.content.allowDataUrlForAll(); //BrowserPolicy.content.allowDataUrlForAll();
} }
// Allow all images from anywhere // Allow all images from anywhere
BrowserPolicy.content.allowImageOrigin('*'); //BrowserPolicy.content.allowImageOrigin('*');
// If Matomo URL is set, allow it. // If Matomo URL is set, allow it.
const matomoUrl = process.env.MATOMO_ADDRESS; const matomoUrl = process.env.MATOMO_ADDRESS;
if (matomoUrl){ if (matomoUrl){
BrowserPolicy.content.allowScriptOrigin(matomoUrl); //BrowserPolicy.content.allowScriptOrigin(matomoUrl);
BrowserPolicy.content.allowImageOrigin(matomoUrl); //BrowserPolicy.content.allowImageOrigin(matomoUrl);
} }
}); });
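Review bot: Commenting out every `BrowserPolicy.content.*` call, together with dropping `browser-policy-content` from the package list, appears to leave the app with no Content-Security-Policy at all, so the previously active `disallowEval()` restriction is lost in the trusted-URL branch as well as the LAN branch. If that is intended, say so in place of the dead lines, e.g. `// No content policy (CSP) is set here; only the framing policy is enforced.`, and delete the commented-out calls rather than keeping them. The `if (matomoUrl){ ... }` block and the `// Allow all images from anywhere` comment now guard nothing and can go with them. A narrower alternative would be to keep the content package and relax only the directive that caused the breakage. The `if` that opens the first branch starts above the hunk, so its condition is not visible here.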