From b3005f828dbf69bdf174d4bcd7654310fa9e0968 Mon Sep 17 00:00:00 2001
From: Lauri Ojansivu
Date: Thu, 16 Aug 2018 14:29:38 +0300
Subject: - Use only framing policy, not all of content policy. - Fix Date and Time Formats are only US in every language. Thanks to xet7 ! Closes #1833
---
 .meteor/packages | 6 +++---
 .meteor/versions | 2 --
 server/policy.js | 16 ++++++++--------
 3 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/.meteor/packages b/.meteor/packages
index e76e15fb..13f1384a 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -49,7 +49,6 @@ kadira:dochead
 meteorhacks:picker
 meteorhacks:subs-manager
 mquandalle:autofocus
-mquandalle:moment
 ongoworks:speakingurl
 raix:handlebar-helpers
 tap:i18n
@@ -81,8 +80,9 @@ staringatlights:fast-render
 mixmax:smart-disconnect
 accounts-password@1.5.0
 cfs:gridfs
-browser-policy
 eluck:accounts-lockout
 rzymek:fullcalendar
 momentjs:moment@2.22.2
-atoy40:accounts-cas
\ No newline at end of file
+atoy40:accounts-cas
+browser-policy-framing
+mquandalle:moment
diff --git a/.meteor/versions b/.meteor/versions
index 9de09a74..f3470d97 100644
--- a/.meteor/versions
+++ b/.meteor/versions
@@ -19,9 +19,7 @@ binary-heap@1.0.10
 blaze@2.3.2
 blaze-tools@1.0.10
 boilerplate-generator@1.3.1
-browser-policy@1.1.0
 browser-policy-common@1.0.11
-browser-policy-content@1.1.0
 browser-policy-framing@1.1.0
 caching-compiler@1.1.9
 caching-html-compiler@1.1.2
diff --git a/server/policy.js b/server/policy.js
index 94f80b21..02a42cd4 100644
--- a/server/policy.js
+++ b/server/policy.js
@@ -8,27 +8,27 @@ Meteor.startup(() => { BrowserPolicy.framing.disallow(); //Allow inline scripts, otherwise there is errors in browser/inspect/console //BrowserPolicy.content.disallowInlineScripts(); - BrowserPolicy.content.disallowEval(); - BrowserPolicy.content.allowInlineStyles(); - BrowserPolicy.content.allowFontDataUrl(); + //BrowserPolicy.content.disallowEval(); + //BrowserPolicy.content.allowInlineStyles(); + //BrowserPolicy.content.allowFontDataUrl(); BrowserPolicy.framing.restrictToOrigin(trusted); - BrowserPolicy.content.allowScriptOrigin(trusted); + //BrowserPolicy.content.allowScriptOrigin(trusted); } else { // Disable browser policy and allow all framing and including. // Use only at internal LAN, not at Internet. BrowserPolicy.framing.allowAll(); - BrowserPolicy.content.allowDataUrlForAll(); + //BrowserPolicy.content.allowDataUrlForAll(); } // Allow all images from anywhere - BrowserPolicy.content.allowImageOrigin('*'); + //BrowserPolicy.content.allowImageOrigin('*'); // If Matomo URL is set, allow it. const matomoUrl = process.env.MATOMO_ADDRESS; if (matomoUrl){ - BrowserPolicy.content.allowScriptOrigin(matomoUrl); - BrowserPolicy.content.allowImageOrigin(matomoUrl); + //BrowserPolicy.content.allowScriptOrigin(matomoUrl); + //BrowserPolicy.content.allowImageOrigin(matomoUrl); } }); -- cgit v1.2.3-1-g7c22
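Review bot: With every `BrowserPolicy.content.*` call commented out, the enabled branch now depends on `BrowserPolicy.framing.restrictToOrigin(trusted)` alone, and that call runs unconditionally straight after `framing.disallow()`, so it appears to replace the deny with an allow-from for whatever `trusted` holds. `trusted` is assigned outside this hunk; if it can be unset, the frame header would presumably carry a meaningless origin, so guard the call with `if (trusted) { BrowserPolicy.framing.restrictToOrigin(trusted); }` and let the deny stand otherwise. The commented-out calls also leave `if (matomoUrl){ … }` with an empty body and leave comments such as `// Allow all images from anywhere` describing behaviour that no longer happens. I would delete the dead lines and state the decision once, e.g. `// Content-Security-Policy is intentionally not set here; only the framing policy is managed.` The `Meteor.startup` callback begins outside the hunk.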