From 9075a38f60a9c5d00628a54f463bfda7d329b22a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Le=20Ninivin?= <cedric.leninivin@tiolive.com>
Date: Fri, 30 Sep 2016 15:04:03 +0000
Subject: [PATCH] erp5_officejs: Update CSP of Text and SVG Editors

---
 .../web_site_module/officejs_svg_editor.xml   | 176 +++---------------
 .../web_site_module/officejs_text_editor.xml  |   8 +-
 2 files changed, 29 insertions(+), 155 deletions(-)

diff --git a/bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_svg_editor.xml b/bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_svg_editor.xml
index 9d445fa3b1..81d6fb8adb 100644
--- a/bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_svg_editor.xml
+++ b/bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_svg_editor.xml
@@ -111,13 +111,6 @@
                         <value>
                           <list>
                             <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-                            <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
-                            <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
-                            <persistent> <string encoding="base64">AAAAAAAAAAU=</string> </persistent>
-                            <persistent> <string encoding="base64">AAAAAAAAAAY=</string> </persistent>
-                            <persistent> <string encoding="base64">AAAAAAAAAAc=</string> </persistent>
-                            <persistent> <string encoding="base64">AAAAAAAAAAg=</string> </persistent>
-                            <persistent> <string encoding="base64">AAAAAAAAAAk=</string> </persistent>
                           </list>
                         </value>
                     </item>
@@ -136,50 +129,6 @@
             <key> <string>__before_traverse__</string> </key>
             <value>
               <dictionary>
-                <item>
-                    <key>
-                      <tuple>
-                        <int>99</int>
-                        <string>ERP5 Web Site/bug_tracker</string>
-                      </tuple>
-                    </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-                    </value>
-                </item>
-                <item>
-                    <key>
-                      <tuple>
-                        <int>99</int>
-                        <string>ERP5 Web Site/e5g_ecommerce</string>
-                      </tuple>
-                    </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
-                    </value>
-                </item>
-                <item>
-                    <key>
-                      <tuple>
-                        <int>99</int>
-                        <string>ERP5 Web Site/e5g_ehr</string>
-                      </tuple>
-                    </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
-                    </value>
-                </item>
-                <item>
-                    <key>
-                      <tuple>
-                        <int>99</int>
-                        <string>ERP5 Web Site/e5g_eprocurement</string>
-                      </tuple>
-                    </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAU=</string> </persistent>
-                    </value>
-                </item>
                 <item>
                     <key>
                       <tuple>
@@ -188,40 +137,7 @@
                       </tuple>
                     </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAY=</string> </persistent>
-                    </value>
-                </item>
-                <item>
-                    <key>
-                      <tuple>
-                        <int>99</int>
-                        <string>ERP5 Web Site/officejs_text_editor</string>
-                      </tuple>
-                    </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAc=</string> </persistent>
-                    </value>
-                </item>
-                <item>
-                    <key>
-                      <tuple>
-                        <int>99</int>
-                        <string>ERP5 Web Site/renderjs_runner</string>
-                      </tuple>
-                    </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAg=</string> </persistent>
-                    </value>
-                </item>
-                <item>
-                    <key>
-                      <tuple>
-                        <int>99</int>
-                        <string>ERP5 Web Site/spread</string>
-                      </tuple>
-                    </key>
-                    <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAk=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -230,13 +146,13 @@
         <item>
             <key> <string>_count</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAo=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
             </value>
         </item>
         <item>
             <key> <string>_identity_criterion</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAs=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
             </value>
         </item>
         <item>
@@ -373,25 +289,35 @@
                       <value> <string>string</string> </value>
                   </item>
                 </dictionary>
+                <dictionary>
+                  <item>
+                      <key> <string>id</string> </key>
+                      <value> <string>configuration_x_frame_options</string> </value>
+                  </item>
+                  <item>
+                      <key> <string>type</string> </key>
+                      <value> <string>string</string> </value>
+                  </item>
+                </dictionary>
               </tuple>
             </value>
         </item>
         <item>
             <key> <string>_mt_index</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAw=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAU=</string> </persistent>
             </value>
         </item>
         <item>
             <key> <string>_range_criterion</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAA0=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAY=</string> </persistent>
             </value>
         </item>
         <item>
             <key> <string>_tree</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAA4=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAc=</string> </persistent>
             </value>
         </item>
         <item>
@@ -417,7 +343,7 @@
         </item>
         <item>
             <key> <string>configuration_content_security_policy</string> </key>
-            <value> <string>default-src \'none\'; img-src \'self\' data:; media-src \'self\' blob:; connect-src \'self\' https://localhost:5000 mail.tiolive.com data:; script-src \'self\' \'unsafe-eval\'; font-src netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data:</string> </value>
+            <value> <string>default-src \'none\'; img-src \'self\' data:; media-src \'self\' blob:; connect-src \'self\' https://localhost:5000 mail.tiolive.com data: *.host.vifib.net *.node.vifib.com *.erp5.net; script-src \'self\' \'unsafe-eval\'; font-src netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data: *.app.officejs.com</string> </value>
         </item>
         <item>
             <key> <string>configuration_default_view_action_reference</string> </key>
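Review bot: The hosts added to `connect-src` on the new policy line (`*.host.vifib.net *.node.vifib.com *.erp5.net`) are scheme-less wildcards, so every subdomain of those three zones becomes an allowed XHR/fetch/WebSocket destination, and on a page served over plain HTTP they match `http:` as well. Because `script-src` still carries `'unsafe-eval'`, `connect-src` is the main limit on where script running in the editor can send data, so the list should be as narrow as the storage backends allow. If deployments are HTTPS-only, pinning the scheme would tighten it: `https://*.host.vifib.net https://*.node.vifib.com https://*.erp5.net`. The pre-existing `https://localhost:5000` entry looks like a development endpoint, so it is worth confirming that it still belongs in the shipped policy. The identical value is added in officejs_text_editor.xml (the `@@ -343,7 +343,7 @@` hunk), so the same applies there.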
@@ -465,6 +391,10 @@
               <none/>
             </value>
         </item>
+        <item>
+            <key> <string>configuration_x_frame_options</string> </key>
+            <value> <string>SAMEORIGIN</string> </value>
+        </item>
         <item>
             <key> <string>container_layout</string> </key>
             <value> <string>WebSection_renderDefaultPageAsGadget</string> </value>
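Review bot: The new `configuration_x_frame_options` value `SAMEORIGIN` has no counterpart in `configuration_content_security_policy` earlier in this file. `default-src 'none'` is not a fallback for `frame-ancestors`, so framing of the editor is restricted only by the legacy header (presumably emitted from this property; confirm in the site's header code). I would append `frame-ancestors 'self'` to the policy string so both headers state the same rule, since browsers that implement CSP prefer that directive over X-Frame-Options. The officejs_text_editor.xml part of this patch adds no such property; if that site does not already define it, it probably needs the same setting.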
@@ -533,68 +463,12 @@
     </pickle>
   </record>
   <record id="3" aka="AAAAAAAAAAM=">
-    <pickle>
-      <global name="WebSiteTraversalHook" module="Products.ERP5.Document.WebSite"/>
-    </pickle>
-    <pickle>
-      <dictionary/>
-    </pickle>
-  </record>
-  <record id="4" aka="AAAAAAAAAAQ=">
-    <pickle>
-      <global name="WebSiteTraversalHook" module="Products.ERP5.Document.WebSite"/>
-    </pickle>
-    <pickle>
-      <dictionary/>
-    </pickle>
-  </record>
-  <record id="5" aka="AAAAAAAAAAU=">
-    <pickle>
-      <global name="WebSiteTraversalHook" module="Products.ERP5.Document.WebSite"/>
-    </pickle>
-    <pickle>
-      <dictionary/>
-    </pickle>
-  </record>
-  <record id="6" aka="AAAAAAAAAAY=">
-    <pickle>
-      <global name="WebSiteTraversalHook" module="Products.ERP5.Document.WebSite"/>
-    </pickle>
-    <pickle>
-      <dictionary/>
-    </pickle>
-  </record>
-  <record id="7" aka="AAAAAAAAAAc=">
-    <pickle>
-      <global name="WebSiteTraversalHook" module="Products.ERP5.Document.WebSite"/>
-    </pickle>
-    <pickle>
-      <dictionary/>
-    </pickle>
-  </record>
-  <record id="8" aka="AAAAAAAAAAg=">
-    <pickle>
-      <global name="WebSiteTraversalHook" module="Products.ERP5.Document.WebSite"/>
-    </pickle>
-    <pickle>
-      <dictionary/>
-    </pickle>
-  </record>
-  <record id="9" aka="AAAAAAAAAAk=">
-    <pickle>
-      <global name="WebSiteTraversalHook" module="Products.ERP5.Document.WebSite"/>
-    </pickle>
-    <pickle>
-      <dictionary/>
-    </pickle>
-  </record>
-  <record id="10" aka="AAAAAAAAAAo=">
     <pickle>
       <global name="Length" module="BTrees.Length"/>
     </pickle>
     <pickle> <int>0</int> </pickle>
   </record>
-  <record id="11" aka="AAAAAAAAAAs=">
+  <record id="4" aka="AAAAAAAAAAQ=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -609,7 +483,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="12" aka="AAAAAAAAAAw=">
+  <record id="5" aka="AAAAAAAAAAU=">
     <pickle>
       <global name="OOBTree" module="BTrees.OOBTree"/>
     </pickle>
@@ -617,7 +491,7 @@
       <none/>
     </pickle>
   </record>
-  <record id="13" aka="AAAAAAAAAA0=">
+  <record id="6" aka="AAAAAAAAAAY=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -632,7 +506,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="14" aka="AAAAAAAAAA4=">
+  <record id="7" aka="AAAAAAAAAAc=">
     <pickle>
       <global name="OOBTree" module="BTrees.OOBTree"/>
     </pickle>
diff --git a/bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_text_editor.xml b/bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_text_editor.xml
index 172000ce2c..b570a62a39 100644
--- a/bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_text_editor.xml
+++ b/bt5/erp5_officejs/PathTemplateItem/web_site_module/officejs_text_editor.xml
@@ -343,7 +343,7 @@
         </item>
         <item>
             <key> <string>configuration_content_security_policy</string> </key>
-            <value> <string>default-src \'none\'; img-src \'self\' data:; media-src \'self\' blob:; connect-src \'self\' https://localhost:5000 mail.tiolive.com data:; script-src \'self\' \'unsafe-eval\'; font-src netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data: *.app.officejs.com</string> </value>
+            <value> <string>default-src \'none\'; img-src \'self\' data:; media-src \'self\' blob:; connect-src \'self\' https://localhost:5000 mail.tiolive.com data: *.host.vifib.net *.node.vifib.com *.erp5.net; script-src \'self\' \'unsafe-eval\'; font-src netdna.bootstrapcdn.com; style-src \'self\' netdna.bootstrapcdn.com \'unsafe-inline\' data:; frame-src \'self\' data: *.app.officejs.com</string> </value>
         </item>
         <item>
             <key> <string>configuration_default_view_action_reference</string> </key>
@@ -616,7 +616,7 @@
             </item>
             <item>
                 <key> <string>actor</string> </key>
-                <value> <string>supercedriclen</string> </value>
+                <value> <string>cedric.le.ninivin</string> </value>
             </item>
             <item>
                 <key> <string>comment</string> </key>
@@ -630,7 +630,7 @@
             </item>
             <item>
                 <key> <string>serial</string> </key>
-                <value> <string>952.21760.27093.47650</string> </value>
+                <value> <string>954.17228.62546.5000</string> </value>
             </item>
             <item>
                 <key> <string>state</string> </key>
@@ -648,7 +648,7 @@
                     </tuple>
                     <state>
                       <tuple>
-                        <float>1474879207.84</float>
+                        <float>1475245019.47</float>
                         <string>UTC</string>
                       </tuple>
                     </state>
-- 
2.30.9