backports/thelounge: allow self https for connect-src
This commit is contained in:
parent
d871b6ca9d
commit
a17fecd2f2
2 changed files with 16 additions and 1 deletions
|
@ -2,7 +2,7 @@
|
|||
# Maintainer: Kay Thomas <kaythomas@pm.me>
|
||||
pkgname=thelounge
|
||||
pkgver=4.4.1
|
||||
pkgrel=0
|
||||
pkgrel=1
|
||||
pkgdesc="Modern, responsive, cross-platform, self-hosted web IRC client"
|
||||
url="https://thelounge.chat"
|
||||
# x86: textrels
|
||||
|
@ -19,6 +19,7 @@ install="$pkgname.pre-install $pkgname.post-install"
|
|||
source="$pkgname-$pkgver.tar.gz::https://github.com/thelounge/thelounge/archive/v$pkgver.tar.gz
|
||||
no-version-test.patch
|
||||
thelounge.initd
|
||||
allow-https-for-connect-src.patch
|
||||
"
|
||||
options="net" # npm
|
||||
|
||||
|
@ -78,4 +79,5 @@ sha512sums="
|
|||
7695121a713a23688bc6f52dae2574bab1288eea930fd50d4dd85037233e9f23bd8e460980c69cdd14ea8648da4720d84e8196547b6a18e69d2f478b43d6e29a thelounge-4.4.1.tar.gz
|
||||
cbf80e23b0af8f0185699d6b03816c645c51b85fff7f163d3cd3d00296ed816b6ab01529b359fbfd549a79e8adb72bbc83bc7a389cf13e0afd50636ff79a138e no-version-test.patch
|
||||
f367d27ebcc412ff03c12ae98e50aeae5051fb5ffa9da6220f664c59993ed0e330b55b3b41fe941d546634901163d006e318891b4b886f6c49a93e0888fccd3e thelounge.initd
|
||||
212e468d6cedaa528b7fad534b8ba0e7a3d69137940cdabd22dbe34375491900d5b7d577550aa3b245ad7775488a90e308019db55ff15e8ede105c4b9c15b015 allow-https-for-connect-src.patch
|
||||
"
|
||||
|
|
13
backports/thelounge/allow-https-for-connect-src.patch
Normal file
13
backports/thelounge/allow-https-for-connect-src.patch
Normal file
|
@ -0,0 +1,13 @@
|
|||
diff --git a/server/server.ts b/server/server.ts.orig
|
||||
index 7a1514e..5ecdea9 100644
|
||||
--- a/server/server.ts
|
||||
+++ b/server/server.ts.orig
|
||||
@@ -377,7 +377,7 @@ function addSecurityHeaders(req: Request, res: Response, next: NextFunction) {
|
||||
"default-src 'none'", // default to nothing
|
||||
"base-uri 'none'", // disallow <base>, has no fallback to default-src
|
||||
"form-action 'self'", // 'self' to fix saving passwords in Firefox, even though login is handled in javascript
|
||||
- "connect-src 'self' ws: wss:", // allow self for polling; websockets
|
||||
+ "connect-src 'self' ws: wss: https:", // allow self for polling; websockets
|
||||
"style-src 'self' https: 'unsafe-inline'", // allow inline due to use in irc hex colors
|
||||
"script-src 'self'", // javascript
|
||||
"worker-src 'self'", // service worker
|
Loading…
Reference in a new issue