Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
iv
erp5
Commits
da4ed4e9
Commit
da4ed4e9
authored
Dec 29, 2015
by
iv
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
OfficeJS: Add CSP configuration.
parent
64828784
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
41 additions
and
6 deletions
+41
-6
bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_text_editor.xml
...PathTemplateItem/web_site_module/officejs_text_editor.xml
+16
-2
bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_text_editor/hateoas.xml
...lateItem/web_site_module/officejs_text_editor/hateoas.xml
+19
-3
bt5/erp5_web_renderjs_ui/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui/WebPage_viewAsWeb.xml
...m/portal_skins/erp5_web_renderjs_ui/WebPage_viewAsWeb.xml
+5
-1
bt5/erp5_web_renderjs_ui/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui/WebSection_renderDefaultPageAsGadget.xml
..._web_renderjs_ui/WebSection_renderDefaultPageAsGadget.xml
+1
-0
No files found.
bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_text_editor.xml
View file @
da4ed4e9
...
@@ -351,6 +351,16 @@
...
@@ -351,6 +351,16 @@
<value>
<string>
string
</string>
</value>
<value>
<string>
string
</string>
</value>
</item>
</item>
</dictionary>
</dictionary>
<dictionary>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
configuration_content_security_policy
</string>
</value>
</item>
<item>
<key>
<string>
type
</string>
</key>
<value>
<string>
string
</string>
</value>
</item>
</dictionary>
</tuple>
</tuple>
</value>
</value>
</item>
</item>
...
@@ -392,6 +402,10 @@
...
@@ -392,6 +402,10 @@
<key>
<string>
configuration_application_title
</string>
</key>
<key>
<string>
configuration_application_title
</string>
</key>
<value>
<string>
Text Editor
</string>
</value>
<value>
<string>
Text Editor
</string>
</value>
</item>
</item>
<item>
<key>
<string>
configuration_content_security_policy
</string>
</key>
<value>
<string>
default-src \'none\'; img-src \'self\' data:; media-src \'self\' blob:; connect-src \'self\' * mail.tiolive.com data:; script-src \'self\' \'unsafe-eval\'; font-src netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data:
</string>
</value>
</item>
<item>
<item>
<key>
<string>
configuration_default_view_action_reference
</string>
</key>
<key>
<string>
configuration_default_view_action_reference
</string>
</key>
<value>
<value>
...
@@ -721,7 +735,7 @@
...
@@ -721,7 +735,7 @@
</item>
</item>
<item>
<item>
<key>
<string>
serial
</string>
</key>
<key>
<string>
serial
</string>
</key>
<value>
<string>
94
6.4378.53544.28347
</string>
</value>
<value>
<string>
94
7.57052.16419.11059
</string>
</value>
</item>
</item>
<item>
<item>
<key>
<string>
state
</string>
</key>
<key>
<string>
state
</string>
</key>
...
@@ -739,7 +753,7 @@
...
@@ -739,7 +753,7 @@
</tuple>
</tuple>
<state>
<state>
<tuple>
<tuple>
<float>
14
46730078.39
</float>
<float>
14
50452633.63
</float>
<string>
UTC
</string>
<string>
UTC
</string>
</tuple>
</tuple>
</state>
</state>
...
...
bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_text_editor/hateoas.xml
View file @
da4ed4e9
...
@@ -178,6 +178,16 @@
...
@@ -178,6 +178,16 @@
<value>
<string>
string
</string>
</value>
<value>
<string>
string
</string>
</value>
</item>
</item>
</dictionary>
</dictionary>
<dictionary>
<item>
<key>
<string>
id
</string>
</key>
<value>
<string>
configuration_content_security_policy
</string>
</value>
</item>
<item>
<key>
<string>
type
</string>
</key>
<value>
<string>
string
</string>
</value>
</item>
</dictionary>
</tuple>
</tuple>
</value>
</value>
</item>
</item>
...
@@ -193,6 +203,12 @@
...
@@ -193,6 +203,12 @@
<none/>
<none/>
</value>
</value>
</item>
</item>
<item>
<key>
<string>
configuration_content_security_policy
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<item>
<key>
<string>
configuration_frontpage_gadget_url
</string>
</key>
<key>
<string>
configuration_frontpage_gadget_url
</string>
</key>
<value>
<value>
...
@@ -414,7 +430,7 @@
...
@@ -414,7 +430,7 @@
</item>
</item>
<item>
<item>
<key>
<string>
actor
</string>
</key>
<key>
<string>
actor
</string>
</key>
<value>
<string>
cedric.le.ninivin
</string>
</value>
<value>
<string>
zope
</string>
</value>
</item>
</item>
<item>
<item>
<key>
<string>
comment
</string>
</key>
<key>
<string>
comment
</string>
</key>
...
@@ -428,7 +444,7 @@
...
@@ -428,7 +444,7 @@
</item>
</item>
<item>
<item>
<key>
<string>
serial
</string>
</key>
<key>
<string>
serial
</string>
</key>
<value>
<string>
94
5.58601.10119.52531
</string>
</value>
<value>
<string>
94
7.56939.21991.31146
</string>
</value>
</item>
</item>
<item>
<item>
<key>
<string>
state
</string>
</key>
<key>
<string>
state
</string>
</key>
...
@@ -446,7 +462,7 @@
...
@@ -446,7 +462,7 @@
</tuple>
</tuple>
<state>
<state>
<tuple>
<tuple>
<float>
14
43112993.68
</float>
<float>
14
50449679.31
</float>
<string>
UTC
</string>
<string>
UTC
</string>
</tuple>
</tuple>
</state>
</state>
...
...
bt5/erp5_web_renderjs_ui/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui/WebPage_viewAsWeb.xml
View file @
da4ed4e9
...
@@ -75,14 +75,18 @@ elif (portal_type == "Web Manifest"):\n
...
@@ -75,14 +75,18 @@ elif (portal_type == "Web Manifest"):\n
response.setHeader(\'Content-Type\', \'text/cache-manifest\')\n
response.setHeader(\'Content-Type\', \'text/cache-manifest\')\n
\n
\n
else:\n
else:\n
csp = "default-src \'none\'; img-src \'self\' data:; media-src \'self\' blob:; connect-src \'self\' mail.tiolive.com data:; script-src \'self\' \'unsafe-eval\'; font-src netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data:"\n
if (mapping_dict is not None):\n
if (mapping_dict is not None):\n
web_content = web_page.TextDocument_substituteTextContent(web_page, web_content, mapping_dict=mapping_dict)\n
web_content = web_page.TextDocument_substituteTextContent(web_page, web_content, mapping_dict=mapping_dict)\n
# get CSP headers from the mapping dict if defined\n
csp = mapping_dict.get("content_security_policy", csp)\n
\n
# Do not allow to put inside an iframe\n
# Do not allow to put inside an iframe\n
response.setHeader("X-Frame-Options", "SAMEORIGIN")\n
response.setHeader("X-Frame-Options", "SAMEORIGIN")\n
response.setHeader("X-Content-Type-Options", "nosniff")\n
response.setHeader("X-Content-Type-Options", "nosniff")\n
\n
\n
# Only fetch code (html, js, css, image) and data from this ERP5, to prevent any data leak as the web site do not control the gadget\'s code\n
# Only fetch code (html, js, css, image) and data from this ERP5, to prevent any data leak as the web site do not control the gadget\'s code\n
response.setHeader("Content-Security-Policy",
"default-src \'none\'; img-src \'self\' data:; media-src \'self\' blob:; connect-src \'self\' mail.tiolive.com data:; script-src \'self\' \'unsafe-eval\'; font-src netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data:"
)\n
response.setHeader("Content-Security-Policy",
csp
)\n
\n
\n
response.setHeader(\'Content-Type\', \'text/html\')\n
response.setHeader(\'Content-Type\', \'text/html\')\n
\n
\n
...
...
bt5/erp5_web_renderjs_ui/SkinTemplateItem/portal_skins/erp5_web_renderjs_ui/WebSection_renderDefaultPageAsGadget.xml
View file @
da4ed4e9
...
@@ -70,6 +70,7 @@ return default_web_page.WebPage_viewAsWeb(mapping_dict={\n
...
@@ -70,6 +70,7 @@ return default_web_page.WebPage_viewAsWeb(mapping_dict={\n
"header_gadget": web_section.getLayoutProperty("configuration_header_gadget_url", default="gadget_erp5_header.html"),\n
"header_gadget": web_section.getLayoutProperty("configuration_header_gadget_url", default="gadget_erp5_header.html"),\n
"jio_gadget": web_section.getLayoutProperty("configuration_jio_gadget_url", default="gadget_jio.html"),\n
"jio_gadget": web_section.getLayoutProperty("configuration_jio_gadget_url", default="gadget_jio.html"),\n
"translation_gadget": web_section.getLayoutProperty("configuration_translation_gadget_url", default="gadget_translation.html"),\n
"translation_gadget": web_section.getLayoutProperty("configuration_translation_gadget_url", default="gadget_translation.html"),\n
"content_security_policy": web_section.getLayoutProperty("configuration_content_security_policy"),\n
"manifest_url": web_section.getLayoutProperty("configuration_manifest_url", default="gadget_erp5.appcache")\n
"manifest_url": web_section.getLayoutProperty("configuration_manifest_url", default="gadget_erp5.appcache")\n
})\n
})\n
</string>
</value>
</string>
</value>
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment