Fossil

Check-in [0b885bb9]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Skip setting the 'default_csp' TH1 variable if it already exists (e.g. it was manually overridden via the TH1 setup script).
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | dynamicCsp
Files: files | file ages | folders
SHA3-256: 0b885bb952c66baaed081e4326ca0f89b15007d750112f958a10e8d158bb2f91
User & Date: mistachkin 2019-02-17 06:18:43.573
Original Comment: Skip setting the 'default_csp' TH1 variable if it already exists (i.e. it was manually overridden).
Context
2019-02-17
07:16
Add the 'nonce' command to TH1. Improve clarity of the 'default_csp' variable handling and add comments. ... (check-in: 68e6b07e user: mistachkin tags: dynamicCsp)
06:18
Skip setting the 'default_csp' TH1 variable if it already exists (e.g. it was manually overridden via the TH1 setup script). ... (check-in: 0b885bb9 user: mistachkin tags: dynamicCsp)
05:32
Merge updates from trunk. ... (check-in: cb881aab user: mistachkin tags: dynamicCsp)
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/style.c. 
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419





420
421

422
423
424
425
426
427
428

;

/*
** Initialize all the default TH1 variables
*/
static void style_init_th1_vars(const char *zTitle){
  const char *zNonce = style_nonce();
  char *zDfltCsp = sqlite3_mprintf("default-src 'self' data: ; "
                                   "script-src 'self' 'nonce-%s' ; "
                                   "style-src 'self' 'unsafe-inline'",
                                   zNonce);
  Th_Store("nonce", zNonce);
  Th_Store("project_name", db_get("project-name","Unnamed Fossil Project"));
  Th_Store("project_description", db_get("project-description",""));
  if( zTitle ) Th_Store("title", zTitle);
  Th_Store("baseurl", g.zBaseURL);
  Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL);





  Th_Store("default_csp", zDfltCsp);
  sqlite3_free(zDfltCsp);

  Th_Store("home", g.zTop);
  Th_Store("index_page", db_get("index-page","/home"));
  if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
  Th_Store("current_page", local_zCurrentPage);
  Th_Store("csrf_token", g.zCsrfToken);
  Th_Store("release_version", RELEASE_VERSION);
  Th_Store("manifest_version", MANIFEST_VERSION);








<
<
<
<






>
>
>
>
>
|
|
>








403
404
405
406
407
408
409




410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430

;

/*
** Initialize all the default TH1 variables
*/
static void style_init_th1_vars(const char *zTitle){
  const char *zNonce = style_nonce();




  Th_Store("nonce", zNonce);
  Th_Store("project_name", db_get("project-name","Unnamed Fossil Project"));
  Th_Store("project_description", db_get("project-description",""));
  if( zTitle ) Th_Store("title", zTitle);
  Th_Store("baseurl", g.zBaseURL);
  Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL);
  if( !Th_ExistsVar(g.interp, "default_csp", -1) ){
    char *zDfltCsp = sqlite3_mprintf("default-src 'self' data: ; "
                                     "script-src 'self' 'nonce-%s' ; "
                                     "style-src 'self' 'unsafe-inline'",
                                     zNonce);
    Th_Store("default_csp", zDfltCsp);
    sqlite3_free(zDfltCsp);
  }
  Th_Store("home", g.zTop);
  Th_Store("index_page", db_get("index-page","/home"));
  if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
  Th_Store("current_page", local_zCurrentPage);
  Th_Store("csrf_token", g.zCsrfToken);
  Th_Store("release_version", RELEASE_VERSION);
  Th_Store("manifest_version", MANIFEST_VERSION);