Merge branch 'ckwalsh-detect_base_url' into master

This commit is contained in:
timvisee 2021-05-07 12:38:24 +02:00
commit ed042b8515
No known key found for this signature in database
GPG Key ID: B8DB720BC383E172
3 changed files with 29 additions and 8 deletions

View File

@ -130,6 +130,11 @@ const conf = convict({
default: 'https://send.firefox.com',
env: 'BASE_URL'
},
detect_base_url: {
format: Boolean,
default: false,
env: 'DETECT_BASE_URL'
},
file_dir: {
format: 'String',
default: `${tmpdir()}${path.sep}send-${randomBytes(4).toString('hex')}`,
@ -206,4 +211,18 @@ const conf = convict({
conf.validate({ allowed: 'strict' });
const props = conf.getProperties();
module.exports = props;
const deriveBaseUrl = (req) => {
if (props.detect_base_url) {
const protocol = req.secure ? 'https://' : 'http://';
return `${protocol}${req.headers.host}`;
} else {
return props.base_url;
}
};
module.exports = {
...props,
deriveBaseUrl,
};

View File

@ -36,9 +36,14 @@ module.exports = function(app) {
defaultSrc: ["'self'"],
connectSrc: [
"'self'",
config.base_url.replace(/^https:\/\//, 'wss://')
function(req) {
const baseUrl = config.deriveBaseUrl(req);
const r = baseUrl.replace(/^http(s?):\/\//, 'ws$1://');
console.log([baseUrl, r]);
return r;
}
],
imgSrc: ["'self'", "data:"],
imgSrc: ["'self'", 'data:'],
scriptSrc: [
"'self'",
function(req) {
@ -52,10 +57,6 @@ module.exports = function(app) {
}
};
csp.directives.connectSrc.push(
config.base_url.replace(/^https:\/\//, 'wss://')
);
app.use(helmet.contentSecurityPolicy(csp));
}

View File

@ -23,6 +23,7 @@ module.exports = async function(req) {
if (config.survey_url) {
prefs.surveyUrl = config.survey_url;
}
const baseUrl = config.deriveBaseUrl(req);
return {
archive: {
numFiles: 0
@ -33,7 +34,7 @@ module.exports = async function(req) {
title: 'Send',
description:
'Encrypt and send files with a link that automatically expires to ensure your important documents dont stay online forever.',
baseUrl: config.base_url,
baseUrl,
ui: {},
storage: {
files: []