Return-Path: X-Original-To: apmail-couchdb-commits-archive@www.apache.org Delivered-To: apmail-couchdb-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7170211AA0 for ; Mon, 14 Jul 2014 08:35:38 +0000 (UTC) Received: (qmail 41524 invoked by uid 500); 14 Jul 2014 08:35:38 -0000 Delivered-To: apmail-couchdb-commits-archive@couchdb.apache.org Received: (qmail 41453 invoked by uid 500); 14 Jul 2014 08:35:38 -0000 Mailing-List: contact commits-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list commits@couchdb.apache.org Received: (qmail 41365 invoked by uid 99); 14 Jul 2014 08:35:38 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Jul 2014 08:35:38 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id BE9888BD4AD; Mon, 14 Jul 2014 08:35:37 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: kxepal@apache.org To: commits@couchdb.apache.org Date: Mon, 14 Jul 2014 08:35:39 -0000 Message-Id: <6cf2de1a4ab94bc8982886c705bf71de@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [03/13] fauxton commit: updated refs/heads/master to 0ec46e9 Fauxton: Content Security Policy optional for dev This just makes the content security policy optional for development. Project: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/commit/9bc7c98e Tree: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/tree/9bc7c98e Diff: http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/diff/9bc7c98e Branch: refs/heads/master Commit: 9bc7c98e2a6d4d942a9e7a1d4c52653c9f7a6a4a Parents: 9fe95cb Author: Garren Smith Authored: Tue Jun 10 15:19:32 2014 +0200 Committer: Garren Smith Committed: Wed Jun 11 11:21:34 2014 +0200 ---------------------------------------------------------------------- tasks/couchserver.js | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-fauxton/blob/9bc7c98e/tasks/couchserver.js ---------------------------------------------------------------------- diff --git a/tasks/couchserver.js b/tasks/couchserver.js index 3a17ab6..8e95c5c 100644 --- a/tasks/couchserver.js +++ b/tasks/couchserver.js @@ -25,7 +25,8 @@ module.exports = function (grunt) { // Options var dist_dir = options.dist || './dist/debug/', app_dir = './app', - port = options.port || 8000; + port = options.port || 8000, + setContentSecurityPolicy = _.isUndefined(options.contentSecurityPolicy) ? true : options.contentSecurityPolicy; // Proxy options with default localhost var proxy_settings = options.proxy || { @@ -47,9 +48,11 @@ module.exports = function (grunt) { accept = req.headers.accept.split(','), filePath; - var headerValue = "default-src 'self'; img-src 'self'; font-src 'self'; " + - "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"; - res.setHeader('Content-Security-Policy', headerValue); + if (setContentSecurityPolicy) { + var headerValue = "default-src 'self'; img-src 'self'; font-src 'self'; " + + "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"; + res.setHeader('Content-Security-Policy', headerValue); + } if (!!url.match(/^\/addons\/.*\/assets\/js/)) { filePath = path.join(app_dir, url.replace('/_utils/fauxton/',''));