wassname/talk
1
0
Fork 0
mirror of https://github.com/wassname/talk.git synced 2026-07-01 05:42:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1656 from coralproject/csp

Browse Source 
Disable CSP
This commit is contained in:
Kim Gardner
2018-05-25 14:49:07 -04:00
committed by GitHub
parent 700cee4e56 68c7477f3a
commit 4442ffc784
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/source/02-02-advanced-configuration.md
+3 -2
View File
@@ -512,13 +512,14 @@ tracing of GraphQL requests.
**Note: Apollo Engine is a premium service, charges may apply.**
## TALK_ENABLE_STRICT_CSP
<!-- TODO: re-add CSP once we've resolved issues with dynamic webpack loading. -->
<!-- ## TALK_ENABLE_STRICT_CSP
Setting this to `TRUE` will enforce the [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
(or CSP). By default, this configuration is set to
[report only](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#Testing_your_policy)
where the policy is not enforced, but any violations are reported to a provided
URI. (Default `FALSE`)
URI. (Default `FALSE`) -->
## ALLOW_NO_LIMIT_QUERIES
routes/index.js
+2 -2
View File
@@ -9,7 +9,6 @@ const path = require('path');
const compression = require('compression');
const plugins = require('../services/plugins');
const staticTemplate = require('../middleware/staticTemplate');
const contentSecurityPolicy = require('../middleware/contentSecurityPolicy');
const nonce = require('../middleware/nonce');
const staticServer = require('express-static-gzip');
const { DISABLE_STATIC_SERVER } = require('../config');
@@ -76,7 +75,8 @@ router.use(compression());
// STATIC ROUTES
//==============================================================================
const staticMiddleware = [staticTemplate, nonce, contentSecurityPolicy];
// TODO: re-add CSP once we've resolved issues with dynamic webpack loading.
const staticMiddleware = [staticTemplate, nonce];
router.use('/admin', ...staticMiddleware, require('./admin'));
router.use('/account', ...staticMiddleware, require('./account'));
routes/plugins.js
+2 -3
View File
@@ -2,13 +2,12 @@ const express = require('express');
const debug = require('debug')('talk:routes:plugins');
const plugins = require('../services/plugins');
const staticTemplate = require('../middleware/staticTemplate');
const contentSecurityPolicy = require('../middleware/contentSecurityPolicy');
const nonce = require('../middleware/nonce');
const router = express.Router();
// Apply the middleware.
router.use(staticTemplate, nonce, contentSecurityPolicy);
// TODO: re-add CSP once we've resolved issues with dynamic webpack loading.
router.use(staticTemplate, nonce);
// Inject server route plugins.
plugins.get('server', 'router').forEach(plugin => {