Don't allow cryptpad registrations plus no content security policy

csp causes things to fail

Don't allow cryptpad registrations plus no content security policy
01ce3b74 · Bob Mottram · 08b465af · 01ce3b74
Commit 01ce3b74 authored 7 years ago by Bob Mottram
--- a/src/freedombone-app-cryptpad
+++ b/src/freedombone-app-cryptpad
@@ -376,6 +376,10 @@ function install_cryptpad_main {
        echo '    try_files $uri =404;' >> $cryptpad_nginx_site
        echo '  }' >> $cryptpad_nginx_site
        echo '' >> $cryptpad_nginx_site
+        echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
+        echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+        echo '  }' >> $cryptpad_nginx_site
+        echo '' >> $cryptpad_nginx_site
        echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
        echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
        echo '  }' >> $cryptpad_nginx_site
@@ -406,8 +410,6 @@ function install_cryptpad_main {
    echo "    set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
    echo '  }' >> $cryptpad_nginx_site
    echo '' >> $cryptpad_nginx_site
-    echo "  add_header Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob: font-src self\";" >> $cryptpad_nginx_site
-    echo '' >> $cryptpad_nginx_site
    echo '  location = /cryptpad_websocket {' >> $cryptpad_nginx_site
    echo "    proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
    echo '    proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
@@ -437,6 +439,10 @@ function install_cryptpad_main {
    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
    echo '  }' >> $cryptpad_nginx_site
    echo '' >> $cryptpad_nginx_site
+    echo '  location ^~ /register/ {' >> $cryptpad_nginx_site
+    echo '    try_files $uri =404;' >> $cryptpad_nginx_site
+    echo '  }' >> $cryptpad_nginx_site
+    echo '' >> $cryptpad_nginx_site
    echo '  location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
    echo '    rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
    echo '  }' >> $cryptpad_nginx_site
@@ -445,7 +451,7 @@ function install_cryptpad_main {
    echo '}' >> $cryptpad_nginx_site

    sed -i 's|DENY;|SAMEORIGIN;|g' $cryptpad_nginx_site
-    sed -i "s|Content-Security-Policy.*|Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob: font-src self\";|g" $cryptpad_nginx_site
+    sed -i "/Content-Security-Policy/d" $cryptpad_nginx_site

    function_check create_site_certificate
    create_site_certificate $CRYPTPAD_DOMAIN_NAME 'yes'