
- Use only framing policy, not all of content policy.
- Fix: date and time formats were US-only in every language.

Thanks to xet7 !

Closes #1833

Lauri Ojansivu 6 years ago
parent
commit
b3005f828d
3 changed files with 11 additions and 13 deletions
  1. 3 3
      .meteor/packages
  2. 0 2
      .meteor/versions
  3. 8 8
      server/policy.js

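--- a/.meteor/packages
+++ b/.meteor/packages
@@ -49,7 +49,6 @@ kadira:dochead
 meteorhacks:picker
 meteorhacks:subs-manager
 mquandalle:autofocus
-mquandalle:moment
 ongoworks:speakingurl
 raix:handlebar-helpers
 tap:i18n
@@ -81,8 +80,9 @@ staringatlights:fast-render
 mixmax:smart-disconnect
 accounts-password@1.5.0
 cfs:gridfs
-browser-policy
 eluck:accounts-lockout
 rzymek:fullcalendar
 momentjs:moment@2.22.2
-atoy40:accounts-cas
+atoy40:accounts-cas
+browser-policy-framing
+mquandalle:moment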
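Review bot: Moving `mquandalle:moment` from its old slot to below `momentjs:moment@2.22.2` appears to be the date/time format fix named in the commit message, but nothing in the file records that the position matters, so a later re-sort of the package list could silently undo it. A comment line above the entry would protect it, for example `# must stay after momentjs:moment (date/time locale fix)`. If the order is not in fact what fixes the formats, the commit message should say what does.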

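--- a/.meteor/versions
+++ b/.meteor/versions
@@ -19,9 +19,7 @@ binary-heap@1.0.10
 blaze@2.3.2
 blaze-tools@1.0.10
 boilerplate-generator@1.3.1
-browser-policy@1.1.0
 browser-policy-common@1.0.11
-browser-policy-content@1.1.0
 browser-policy-framing@1.1.0
 caching-compiler@1.1.9
 caching-html-compiler@1.1.2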

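--- a/server/policy.js
+++ b/server/policy.js
@@ -8,27 +8,27 @@ Meteor.startup(() => {
     BrowserPolicy.framing.disallow();
     //Allow inline scripts, otherwise there is errors in browser/inspect/console
     //BrowserPolicy.content.disallowInlineScripts();
-    BrowserPolicy.content.disallowEval();
-    BrowserPolicy.content.allowInlineStyles();
-    BrowserPolicy.content.allowFontDataUrl();
+    //BrowserPolicy.content.disallowEval();
+    //BrowserPolicy.content.allowInlineStyles();
+    //BrowserPolicy.content.allowFontDataUrl();
     BrowserPolicy.framing.restrictToOrigin(trusted);
-    BrowserPolicy.content.allowScriptOrigin(trusted);
+    //BrowserPolicy.content.allowScriptOrigin(trusted);
   }
   else {
     // Disable browser policy and allow all framing and including.
     // Use only at internal LAN, not at Internet.
     BrowserPolicy.framing.allowAll();
-    BrowserPolicy.content.allowDataUrlForAll();
+    //BrowserPolicy.content.allowDataUrlForAll();
   }
 
   // Allow all images from anywhere
-  BrowserPolicy.content.allowImageOrigin('*');
+  //BrowserPolicy.content.allowImageOrigin('*');
 
   // If Matomo URL is set, allow it.
   const matomoUrl = process.env.MATOMO_ADDRESS;
   if (matomoUrl){
-    BrowserPolicy.content.allowScriptOrigin(matomoUrl);
-    BrowserPolicy.content.allowImageOrigin(matomoUrl);
+    //BrowserPolicy.content.allowScriptOrigin(matomoUrl);
+    //BrowserPolicy.content.allowImageOrigin(matomoUrl);
   }
 
 });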
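Review bot: With every `BrowserPolicy.content.*` call commented out and `browser-policy-content` gone from `.meteor/versions`, the server presumably no longer sends a Content-Security-Policy header, so the eval ban and the script-origin allowlist of the trusted-URL branch are gone, and nothing in the file says why or whether they are meant to return. Framing is now the only control left; as far as I know `restrictToOrigin` is delivered as `X-Frame-Options: ALLOW-FROM`, which several browsers ignore, so it is worth confirming that the trusted-origin case still blocks other framers without a CSP `frame-ancestors` directive. I would delete the dead lines instead of commenting them out, since the `if (matomoUrl){ }` block is now empty, `matomoUrl` is unused, and the comments "Allow all images from anywhere" and "If Matomo URL is set, allow it." no longer describe anything. One comment should replace them, such as `// Content policy (CSP) intentionally not set; only framing is enforced here. TODO: restore a CSP.` The enclosing `Meteor.startup` callback begins above the hunk.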