csp: allow multiple lines and add presets

Girish Ramakrishnan
2026-01-13 17:38:31 +01:00
parent b9ea1573ea
commit a1b4fdf624
18 changed files with 56 additions and 59 deletions


@@ -477,6 +477,12 @@ async function removeDashboardConfig(subdomain, domain) {
await reload();
}
function normalizeCSP(csp) {
const lines = csp.split('\n').map(line => line.trim()).filter(line => line && !line.startsWith('#'));
const statements = lines.map(line => line.endsWith(';') ? line : `${line};`); // semicolon terminate all lines
return statements.join(' ').replace(/\s+/g, ' ').trim(); // merge into single line
}
async function writeAppLocationNginxConfig(app, location, certificatePath) {
assert.strictEqual(typeof app, 'object');
assert.strictEqual(typeof location, 'object');
@@ -514,7 +520,7 @@ async function writeAppLocationNginxConfig(app, location, certificatePath) {
const reverseProxyConfig = app.reverseProxyConfig || {}; // some of our code uses fake app objects
if (reverseProxyConfig.robotsTxt) data.robotsTxtQuoted = JSON.stringify(app.reverseProxyConfig.robotsTxt);
if (reverseProxyConfig.csp) {
data.cspQuoted = `"${app.reverseProxyConfig.csp}"`;
data.cspQuoted = `"${normalizeCSP(app.reverseProxyConfig.csp)}"`;
data.hideHeaders = [ 'Content-Security-Policy' ];
if (reverseProxyConfig.csp.includes('frame-ancestors ')) data.hideHeaders.push('X-Frame-Options');
}
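Review bot: The `frame-ancestors` test in the second hunk still reads the raw `reverseProxyConfig.csp`, so a commented-out line such as `# frame-ancestors 'self'` adds `X-Frame-Options` to `hideHeaders` even though `normalizeCSP` has dropped that line from the emitted policy. Likewise, a value holding only comments or blank lines is truthy, so `cspQuoted` becomes `""` and `Content-Security-Policy` is put in `hideHeaders` while only an empty policy is supplied. Normalise once and use that result for both decisions: `const csp = normalizeCSP(reverseProxyConfig.csp || '');`, then `if (csp) {` and `if (csp.includes('frame-ancestors '))`. `normalizeCSP` also passes `"` through unchanged into the hand-quoted string, unlike the `JSON.stringify` used for `robotsTxt`; unless the value is validated where it is stored (not visible here), it would be safer to reject that character in `normalizeCSP`. The body of `writeAppLocationNginxConfig` starts before and continues past the second hunk.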