Overview
Comment: | Skip setting the 'default_csp' TH1 variable if it already exists (e.g. it was manually overridden via the TH1 setup script). |
---|---|
SHA3-256: | 0b885bb952c66baaed081e4326ca0f89 |
User & Date: | mistachkin 2019-02-17 06:18:43.573 |
Original Comment: | Skip setting the 'default_csp' TH1 variable if it already exists (i.e. it was manually overridden). |
Context
2019-02-17
07:16 | Add the 'nonce' command to TH1. Improve clarity of the 'default_csp' variable handling and add comments. ... (check-in: 68e6b07e user: mistachkin tags: dynamicCsp) | |
06:18 | Skip setting the 'default_csp' TH1 variable if it already exists (e.g. it was manually overridden via the TH1 setup script). ... (check-in: 0b885bb9 user: mistachkin tags: dynamicCsp) | |
05:32 | Merge updates from trunk. ... (check-in: cb881aab user: mistachkin tags: dynamicCsp) | |
Changes
Changes to src/style.c.
︙ | ︙ | |||
403 404 405 406 407 408 409 | ; /* ** Initialize all the default TH1 variables */ static void style_init_th1_vars(const char *zTitle){ const char *zNonce = style_nonce(); | < < < < > > > > > | | > | 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 | ; /* ** Initialize all the default TH1 variables */ static void style_init_th1_vars(const char *zTitle){ const char *zNonce = style_nonce(); Th_Store("nonce", zNonce); Th_Store("project_name", db_get("project-name","Unnamed Fossil Project")); Th_Store("project_description", db_get("project-description","")); if( zTitle ) Th_Store("title", zTitle); Th_Store("baseurl", g.zBaseURL); Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL); if( !Th_ExistsVar(g.interp, "default_csp", -1) ){ char *zDfltCsp = sqlite3_mprintf("default-src 'self' data: ; " "script-src 'self' 'nonce-%s' ; " "style-src 'self' 'unsafe-inline'", zNonce); Th_Store("default_csp", zDfltCsp); sqlite3_free(zDfltCsp); } Th_Store("home", g.zTop); Th_Store("index_page", db_get("index-page","/home")); if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath); Th_Store("current_page", local_zCurrentPage); Th_Store("csrf_token", g.zCsrfToken); Th_Store("release_version", RELEASE_VERSION); Th_Store("manifest_version", MANIFEST_VERSION); |
︙ | ︙ |
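Review bot: The `if( !Th_ExistsVar(g.interp, "default_csp", -1) )` guard in style_init_th1_vars() has no comment explaining what the skip path implies: an overriding value is used verbatim, so a manually set default_csp will not contain the per-request `'nonce-%s'` source that the default policy builds from zNonce. Under such an override, inline scripts that rely on the nonce will be blocked by the browser unless the override supplies its own nonce source. A short comment above the guard saying that an override must carry its own script-src nonce would make this explicit. Also in that branch, the result of sqlite3_mprintf() is handed to Th_Store() without a NULL check; sqlite3_mprintf() returns NULL on allocation failure, so zDfltCsp should be checked before it is stored.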