Allow downloads and top navigation from sandboxed pages. Trying to make the wiki more sensible.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@4817 ed5197a5-7fde-0310-b194-c3ffbd925b24
parent
4bd46a1657
commit
81c66bdddd
10
core/core.js
10
core/core.js
@ -6,6 +6,8 @@ import * as http from './http.js';
|
||||
let gProcesses = {};
|
||||
let gStatsTimer = false;
|
||||
|
||||
const k_content_security_policy = 'sandbox allow-downloads allow-top-navigation-by-user-activation';
|
||||
|
||||
const k_mime_types = {
|
||||
'css': 'text/css',
|
||||
'html': 'text/html',
|
||||
@ -736,7 +738,7 @@ async function blobHandler(request, response, blobId, uri) {
|
||||
let match;
|
||||
let query = form.decodeForm(request.query);
|
||||
let headers = {
|
||||
'Content-Security-Policy': 'sandbox',
|
||||
'Content-Security-Policy': k_content_security_policy,
|
||||
};
|
||||
if (query.filename && query.filename.match(/^[A-Za-z0-9\.-]*$/)) {
|
||||
headers['Content-Disposition'] = `attachment; filename=${query.filename}`;
|
||||
@ -893,13 +895,13 @@ async function blobHandler(request, response, blobId, uri) {
|
||||
}
|
||||
sendData(response, answer?.data, answer?.content_type, Object.assign(answer?.headers ?? {}, {
|
||||
'Access-Control-Allow-Origin': '*',
|
||||
'Content-Security-Policy': 'sandbox',
|
||||
'Content-Security-Policy': k_content_security_policy,
|
||||
}), answer.status_code);
|
||||
} else if (id) {
|
||||
if (request.headers['if-none-match'] && request.headers['if-none-match'] == '"' + id + '"') {
|
||||
let headers = {
|
||||
'Access-Control-Allow-Origin': '*',
|
||||
'Content-Security-Policy': 'sandbox',
|
||||
'Content-Security-Policy': k_content_security_policy,
|
||||
'Content-Length': '0',
|
||||
};
|
||||
response.writeHead(304, headers);
|
||||
@ -908,7 +910,7 @@ async function blobHandler(request, response, blobId, uri) {
|
||||
let headers = {
|
||||
'ETag': '"' + id + '"',
|
||||
'Access-Control-Allow-Origin': '*',
|
||||
'Content-Security-Policy': 'sandbox',
|
||||
'Content-Security-Policy': k_content_security_policy,
|
||||
};
|
||||
data = await getBlobOrContent(id);
|
||||
let type = guessTypeFromName(uri) || guessTypeFromMagicBytes(data);
|
||||
|
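Review bot: The new `k_content_security_policy` constant in the first hunk carries no comment, yet it is now the single policy on all four response paths touched in `blobHandler` (the filename download headers, the app-supplied `answer` response, the 304 reply and the ETag reply). These responses presumably serve user-supplied blob and wiki content, so a link in that content can now move the top-level window after a click and can start a download. The constant should say what is still withheld, for example `// Blob responses stay sandboxed (no allow-scripts / allow-same-origin); only downloads and user-activated top navigation are permitted.` `blobHandler` starts and ends outside the visible hunks, so any other response path that still sends the bare `'sandbox'` value could not be checked from here.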