Ylianst/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2024-09-11 08:55:32 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added Cloudflare RocketLoader support.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2021-01-06 14:23:07 -08:00
parent a7611ac8cb
commit 923ac49637
3 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
certoperations.js
View File

@ -110,6 +110,7 @@ module.exports.CertificateOperations = function (parent) {
var acmCerts = [], acmmatch = [];
if (amtacmactivation.certs != null) {
for (var j in amtacmactivation.certs) {
if (j.startsWith('_')) continue; // Skip any certificates that start with underscore as the name.
var acmconfig = amtacmactivation.certs[j], r = null;
if ((typeof acmconfig.certpfx == 'string') && (typeof acmconfig.certpfxpass == 'string')) {

1
meshcentral.js
View File

@ -1350,6 +1350,7 @@ function CreateMeshCentralServer(config, args) {
// Load CloudFlare trusted proxies list if needed
if ((obj.config.settings.trustedproxy != null) && (typeof obj.config.settings.trustedproxy == 'string') && (obj.config.settings.trustedproxy.toLowerCase() == 'cloudflare')) {
obj.config.settings.extrascriptsrc = 'ajax.cloudflare.com'; // Add CloudFlare as a trusted script source. This allows for CloudFlare's RocketLoader feature.
delete obj.args.trustedproxy;
delete obj.config.settings.trustedproxy;
obj.certificateOperations.loadTextFile('https://www.cloudflare.com/ips-v4', null, function (url, data, tag) {

3
webserver.js
View File

@ -5014,11 +5014,12 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
const geourl = (domain.geolocation ? ' *.openstreetmap.org' : '');
var selfurl = ' wss://' + req.headers.host;
if ((xforwardedhost != null) && (xforwardedhost != req.headers.host)) { selfurl += ' wss://' + xforwardedhost; }
const extraScriptSrc = (parent.config.settings.extrascriptsrc != null) ? (' ' + parent.config.settings.extrascriptsrc) : '';
const headers = {
'Referrer-Policy': 'no-referrer',
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
'Content-Security-Policy': "default-src 'none'; font-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'" + geourl + selfurl + "; img-src 'self'" + geourl + " data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.youtube.com mcrouter:; media-src 'self'; form-action 'self'"
'Content-Security-Policy': "default-src 'none'; font-src 'self'; script-src 'self' 'unsafe-inline'" + extraScriptSrc + "; connect-src 'self'" + geourl + selfurl + "; img-src 'self'" + geourl + " data:; style-src 'self' 'unsafe-inline'; frame-src 'self' https://*.youtube.com mcrouter:; media-src 'self'; form-action 'self'"
};
if ((parent.config.settings.allowframing !== true) && (typeof parent.config.settings.allowframing !== 'string')) { headers['X-Frame-Options'] = 'sameorigin'; }
res.set(headers);