You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by kx...@apache.org on 2014/06/17 23:26:00 UTC

[4/4] fauxton commit: updated refs/heads/import-master to 9bc7c98

Fauxton: Content Security Policy optional for dev

This just makes the content security policy optional for
development.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/9bc7c98e
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/9bc7c98e
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/9bc7c98e

Branch: refs/heads/import-master
Commit: 9bc7c98e2a6d4d942a9e7a1d4c52653c9f7a6a4a
Parents: 9fe95cb
Author: Garren Smith <ga...@gmail.com>
Authored: Tue Jun 10 15:19:32 2014 +0200
Committer: Garren Smith <ga...@gmail.com>
Committed: Wed Jun 11 11:21:34 2014 +0200

----------------------------------------------------------------------
 tasks/couchserver.js | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/9bc7c98e/tasks/couchserver.js
----------------------------------------------------------------------
diff --git a/tasks/couchserver.js b/tasks/couchserver.js
index 3a17ab6..8e95c5c 100644
--- a/tasks/couchserver.js
+++ b/tasks/couchserver.js
@@ -25,7 +25,8 @@ module.exports = function (grunt) {
     // Options
     var dist_dir = options.dist || './dist/debug/',
         app_dir = './app',
-        port = options.port || 8000;
+        port = options.port || 8000,
+        setContentSecurityPolicy = _.isUndefined(options.contentSecurityPolicy) ? true : options.contentSecurityPolicy;
 
     // Proxy options with default localhost
     var proxy_settings = options.proxy || {
@@ -47,9 +48,11 @@ module.exports = function (grunt) {
           accept = req.headers.accept.split(','),
           filePath;
 
-      var headerValue = "default-src 'self'; img-src 'self'; font-src 'self'; " +
-                        "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';";
-      res.setHeader('Content-Security-Policy', headerValue);
+      if (setContentSecurityPolicy) {
+        var headerValue = "default-src 'self'; img-src 'self'; font-src 'self'; " +
+                          "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';";
+        res.setHeader('Content-Security-Policy', headerValue);
+      }
 
       if (!!url.match(/^\/addons\/.*\/assets\/js/)) {
         filePath = path.join(app_dir, url.replace('/_utils/fauxton/',''));