diff --git a/backports/thelounge/APKBUILD b/backports/thelounge/APKBUILD
index a08de3a..4753f9e 100644
--- a/backports/thelounge/APKBUILD
+++ b/backports/thelounge/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Kay Thomas
 pkgname=thelounge
 pkgver=4.4.1
-pkgrel=0
+pkgrel=1
 pkgdesc="Modern, responsive, cross-platform, self-hosted web IRC client"
 url="https://thelounge.chat"
 # x86: textrels
@@ -19,6 +19,7 @@ install="$pkgname.pre-install $pkgname.post-install"
 source="$pkgname-$pkgver.tar.gz::https://github.com/thelounge/thelounge/archive/v$pkgver.tar.gz
 no-version-test.patch
 thelounge.initd
+ allow-https-for-connect-src.patch
 "
 options="net" # npm
@@ -78,4 +79,5 @@ sha512sums="
 7695121a713a23688bc6f52dae2574bab1288eea930fd50d4dd85037233e9f23bd8e460980c69cdd14ea8648da4720d84e8196547b6a18e69d2f478b43d6e29a thelounge-4.4.1.tar.gz
 cbf80e23b0af8f0185699d6b03816c645c51b85fff7f163d3cd3d00296ed816b6ab01529b359fbfd549a79e8adb72bbc83bc7a389cf13e0afd50636ff79a138e no-version-test.patch
 f367d27ebcc412ff03c12ae98e50aeae5051fb5ffa9da6220f664c59993ed0e330b55b3b41fe941d546634901163d006e318891b4b886f6c49a93e0888fccd3e thelounge.initd
+212e468d6cedaa528b7fad534b8ba0e7a3d69137940cdabd22dbe34375491900d5b7d577550aa3b245ad7775488a90e308019db55ff15e8ede105c4b9c15b015 allow-https-for-connect-src.patch
 "
diff --git a/backports/thelounge/allow-https-for-connect-src.patch b/backports/thelounge/allow-https-for-connect-src.patch
new file mode 100644
index 0000000..a147a91
--- /dev/null
+++ b/backports/thelounge/allow-https-for-connect-src.patch
@@ -0,0 +1,13 @@
+diff --git a/server/server.ts b/server/server.ts.orig
+index 7a1514e..5ecdea9 100644
+--- a/server/server.ts
++++ b/server/server.ts.orig
+@@ -377,7 +377,7 @@ function addSecurityHeaders(req: Request, res: Response, next: NextFunction) {
+ "default-src 'none'", // default to nothing
+ "base-uri 'none'", // disallow , has no fallback to default-src
+ "form-action 'self'", // 'self' to fix saving passwords in Firefox, even though login is handled in javascript
+- "connect-src 'self' ws: wss:", // allow self for polling; websockets
++ "connect-src 'self' ws: wss: https:", // allow self for polling; websockets
+ "style-src 'self' https: 'unsafe-inline'", // allow inline due to use in irc hex colors
+ "script-src 'self'", // javascript
+ "worker-src 'self'", // service worker
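Review bot: The bare `https:` scheme added to `connect-src` in the embedded server.ts hunk lets page script issue fetch/XHR/EventSource requests to any HTTPS origin, where the previous policy limited plain HTTP(S) requests to `'self'` (websockets were already open to any host via `ws: wss:`); neither the patch nor the APKBUILD says which endpoint needs this. If one specific host is the reason, listing that origin instead of the whole scheme keeps the policy tighter, e.g. `"connect-src 'self' ws: wss: https://<needed-host>",` (placeholder, the page does not name the host). The trailing comment on that line still reads `// allow self for polling; websockets` and should state the HTTPS allowance and its purpose, ideally with a reference to the upstream issue in the patch header. The patch names its new side `b/server/server.ts.orig`, which suggests it was generated against a backup copy; regenerating it with `server/server.ts` on both sides would make it apply predictably. The body of `addSecurityHeaders` starts and ends outside this hunk, so the rest of the header set is not visible here.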