couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertkowal...@apache.org
Subject [8/8] couchdb commit: updated refs/heads/enable-csp-default to 4292bd5
Date Fri, 19 Sep 2014 16:58:24 GMT
Enable CSP support for /_utils per default

With Futon getting removed in 2.x, which had too much inline-
JavaScript etc., is not used any more. Fauxton is able to work
with our default CSP settings.


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/4292bd5b
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/4292bd5b
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/4292bd5b

Branch: refs/heads/enable-csp-default
Commit: 4292bd5bcd3e218341c105e2a573e46ed4bc32a2
Parents: bb7ad62
Author: Robert Kowalski <rok@kowalski.gd>
Authored: Sat Sep 6 20:49:12 2014 +0200
Committer: Robert Kowalski <rok@kowalski.gd>
Committed: Fri Sep 19 18:56:21 2014 +0200

----------------------------------------------------------------------
 rel/overlay/etc/default.ini    |  4 ++--
 share/doc/src/experimental.rst | 17 -----------------
 2 files changed, 2 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/4292bd5b/rel/overlay/etc/default.ini
----------------------------------------------------------------------
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 2585ebb..5aff5d0 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -79,9 +79,9 @@ iterations = 10 ; iterations for password hashing
 ; comma-separated list of public fields, 404 if empty
 ; public_fields =
 
-; Experimental CSP (Content Security Policy) Support for _utils
+; CSP (Content Security Policy) Support for _utils
 [csp]
-enable = false
+enable = true
 ; header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval';
style-src 'self' 'unsafe-inline';
 
 [cors]

http://git-wip-us.apache.org/repos/asf/couchdb/blob/4292bd5b/share/doc/src/experimental.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/experimental.rst b/share/doc/src/experimental.rst
index fae925c..077fcaa 100644
--- a/share/doc/src/experimental.rst
+++ b/share/doc/src/experimental.rst
@@ -79,20 +79,3 @@ Plugins
 =======
 
 See `src/couch_plugins/README.md`.
-
-
-Content-Security-Policy (CSP) Header Support for /_utils (Fauxton)
-==================================================================
-
-This will just work with Fauxton, and not Futon. You can enable it
-in your config: you can enable the feature in general and change
-the default header that is sent for everything in /_utils.
-
-    .. code-block:: ini
-
-      [csp]
-      enable = true
-
-Then restart CouchDB.
-
-Have fun!


Mime
View raw message