feature (iframe): embed the app from an iframe

This commit is contained in:
Mickael Kerjean 2019-11-11 22:21:11 +11:00
parent c3d46c3abe
commit 58c6c57f82
2 changed files with 18 additions and 2 deletions


@ -110,7 +110,7 @@
// GRID VIEW
> .component_thing.view-grid{
width: 25%; .box{ height: 160px;}
@media (max-width: 800px){width: 33.33%; .box{height: 200px} }
@media (max-width: 769px){width: 33.33%; .box{height: 200px} }
@media (max-width: 670px){.box{height: 170px}}
@media (max-width: 550px){width: 50%; .box{height: 200px} }
@media (max-width: 480px){.box{height: 170px}}


@ -46,7 +46,23 @@ func IndexHeaders(fn func(App, http.ResponseWriter, *http.Request)) func(ctx App
header.Set("X-XSS-Protection", "1; mode=block")
header.Set("X-Frame-Options", "DENY")
header.Set("X-Powered-By", fmt.Sprintf("Filestash/%s.%s <https://filestash.app>", APP_VERSION, BUILD_DATE))
header.Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; font-src 'self' data:; manifest-src 'self'; script-src 'self' 'sha256-JNAde5CZQqXtYRLUk8CGgyJXo6C7Zs1lXPPClLM1YM4=' 'sha256-9/gQeQaAmVkFStl6tfCbHXn8mr6PgtxlH+hEp685lzY='; img-src 'self' data:; connect-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; form-action 'self'; frame-ancestors 'none'; base-uri 'self'")
cspHeader := "default-src 'none'; style-src 'unsafe-inline'; font-src 'self' data:; manifest-src 'self'; script-src 'self' 'sha256-JNAde5CZQqXtYRLUk8CGgyJXo6C7Zs1lXPPClLM1YM4=' 'sha256-9/gQeQaAmVkFStl6tfCbHXn8mr6PgtxlH+hEp685lzY='; img-src 'self' data:; connect-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; form-action 'self'; base-uri 'self';"
if allowedDomainsForIframe := Config.Get("features.protection.iframe").Schema(func(f *FormElement) *FormElement{
if f == nil {
f = &FormElement{}
}
f.Default = ""
f.Name = "iframe"
f.Type = "text"
f.Target = []string{}
f.Description = "The frame-ancestors's value as part of the Content Security Policy header. Use with caution, this setting can make you vulnerable to clicjacking security issues."
f.Placeholder = "Default: disabled"
return f
}).String(); allowedDomainsForIframe != "" {
cspHeader += "frame-ancestors " + allowedDomainsForIframe
}
header.Set("Content-Security-Policy", cspHeader)
fn(ctx, res, req)
}
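Review bot: When `features.protection.iframe` is left empty, the new `cspHeader` string carries no `frame-ancestors` directive at all — `frame-ancestors` does not fall back to `default-src 'none'`, so the default deployment silently loses the CSP clickjacking guard the replaced line had and relies solely on the `X-Frame-Options: DENY` that is still set unconditionally a few lines above. Restore it in the default branch: `} else { cspHeader += "frame-ancestors 'none'" }`. Conversely, when an allow-list is configured, that unconditional `X-Frame-Options: DENY` deserves a second look (browsers that do not honor `frame-ancestors` will still refuse to frame the app), and the configured value is concatenated into the header unvalidated — rejecting `;` or restricting it to `'self'`/`'none'`/host and scheme sources would keep an admin from accidentally appending further directives. The description string also misspells "clickjacking" and would read better as "The frame-ancestors value of the Content-Security-Policy header. Use with caution: this setting can expose you to clickjacking." IndexHeaders begins before this hunk.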
}