couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertkowal...@apache.org
Subject [2/2] couchdb commit: updated refs/heads/enable-csp-default to e16abc9
Date Sat, 06 Sep 2014 19:49:17 GMT
Enable CSP support for /_utils per default

With the new 2.0 release Futon, which had too much inline-
JavaScript etc., is not used any more. Fauxton is able to work
with our default CSP settings.


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/e16abc95
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/e16abc95
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/e16abc95

Branch: refs/heads/enable-csp-default
Commit: e16abc958a89cf554f4fe1bf78e3cfb5b92147e6
Parents: 7cae823
Author: Robert Kowalski <rok@kowalski.gd>
Authored: Sat Sep 6 20:49:12 2014 +0200
Committer: Robert Kowalski <rok@kowalski.gd>
Committed: Sat Sep 6 20:49:12 2014 +0200

----------------------------------------------------------------------
 rel/overlay/etc/default.ini    |  4 ++--
 share/doc/src/experimental.rst | 17 -----------------
 2 files changed, 2 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/e16abc95/rel/overlay/etc/default.ini
----------------------------------------------------------------------
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index fe19b1e..8bf641a 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -91,9 +91,9 @@ credentials = false
 ; List of accepted methods
 ; methods =
 
-; Experimental CSP (Content Security Policy) Support for _utils
+; CSP (Content Security Policy) Support for _utils
 [csp]
-enable = false
+enable = true
 ; header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval';
style-src 'self' 'unsafe-inline';
 
 ; Configuration for a vhost

http://git-wip-us.apache.org/repos/asf/couchdb/blob/e16abc95/share/doc/src/experimental.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/experimental.rst b/share/doc/src/experimental.rst
index fae925c..077fcaa 100644
--- a/share/doc/src/experimental.rst
+++ b/share/doc/src/experimental.rst
@@ -79,20 +79,3 @@ Plugins
 =======
 
 See `src/couch_plugins/README.md`.
-
-
-Content-Security-Policy (CSP) Header Support for /_utils (Fauxton)
-==================================================================
-
-This will just work with Fauxton, and not Futon. You can enable it
-in your config: you can enable the feature in general and change
-the default header that is sent for everything in /_utils.
-
-    .. code-block:: ini
-
-      [csp]
-      enable = true
-
-Then restart CouchDB.
-
-Have fun!


Mime
View raw message