Accueil Explorer Aide
Connexion
mirrors
/
wekan
miroir de https://github.com/wekan/wekan.git
2
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: 076fd7e83c
Branches Tags
wekan
/
server
/
policy.js

policy.js 1.2 KB
Historique Raw

12345678910111213141516171819202122232425262728293031 
  1. import { BrowserPolicy } from 'meteor/browser-policy-common';
    2. 

  2. 

  3. Meteor.startup(() => {
    4. 

  4.   if (process.env.BROWSER_POLICY_ENABLED === 'true') {
    5. 

  5.     // Trusted URL that can embed Wekan in iFrame.
    6. 

  6.     const trusted = process.env.TRUSTED_URL;
    7. 

  7.     BrowserPolicy.framing.disallow();
    8. 

  8.     //Allow inline scripts, otherwise there is errors in browser/inspect/console
    9. 

  9.     //BrowserPolicy.content.disallowInlineScripts();
    10. 

  10.     //BrowserPolicy.content.disallowEval();
    11. 

  11.     //BrowserPolicy.content.allowInlineStyles();
    12. 

  12.     //BrowserPolicy.content.allowFontDataUrl();
    13. 

  13.     BrowserPolicy.framing.restrictToOrigin(trusted);
    14. 

  14.     //BrowserPolicy.content.allowScriptOrigin(trusted);
    15. 

  15.   } else {
    16. 

  16.     // Disable browser policy and allow all framing and including.
    17. 

  17.     // Use only at internal LAN, not at Internet.
    18. 

  18.     BrowserPolicy.framing.allowAll();
    19. 

  19.     //BrowserPolicy.content.allowDataUrlForAll();
    20. 

  20.   }
    21. 

  21. 

  22.   // Allow all images from anywhere
    23. 

  23.   //BrowserPolicy.content.allowImageOrigin('*');
    24. 

  24. 

  25.   // If Matomo URL is set, allow it.
    26. 

  26.   const matomoUrl = process.env.MATOMO_ADDRESS;
    27. 

  27.   if (matomoUrl) {
    28. 

  28.     //BrowserPolicy.content.allowScriptOrigin(matomoUrl);
    29. 

  29.     //BrowserPolicy.content.allowImageOrigin(matomoUrl);
    30. 

  30.   }
    31. 

  31. });
    32.