Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Skip setting the 'default_csp' TH1 variable if it already exists (e.g. it was manually overridden via the TH1 setup script). |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | dynamicCsp |
| Files: | files | file ages | folders |
| SHA3-256: |
0b885bb952c66baaed081e4326ca0f89 |
| User & Date: | mistachkin 2019-02-17 06:18:43 |
| Original Comment: | Skip setting the 'default_csp' TH1 variable if it already exists (i.e. it was manually overridden). |
Context
|
2019-02-17
| ||
| 07:16 | Add the 'nonce' command to TH1. Improve clarity of the 'default_csp' variable handling and add comments. (check-in: 68e6b07e user: mistachkin tags: dynamicCsp) | |
| 06:18 | Skip setting the 'default_csp' TH1 variable if it already exists (e.g. it was manually overridden via the TH1 setup script). (check-in: 0b885bb9 user: mistachkin tags: dynamicCsp) | |
| 05:32 | Merge updates from trunk. (check-in: cb881aab user: mistachkin tags: dynamicCsp) | |
Changes
Changes to src/style.c.
403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 |
;
/*
** Initialize all the default TH1 variables
*/
static void style_init_th1_vars(const char *zTitle){
const char *zNonce = style_nonce();
char *zDfltCsp = sqlite3_mprintf("default-src 'self' data: ; "
"script-src 'self' 'nonce-%s' ; "
"style-src 'self' 'unsafe-inline'",
zNonce);
Th_Store("nonce", zNonce);
Th_Store("project_name", db_get("project-name","Unnamed Fossil Project"));
Th_Store("project_description", db_get("project-description",""));
if( zTitle ) Th_Store("title", zTitle);
Th_Store("baseurl", g.zBaseURL);
Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL);
Th_Store("default_csp", zDfltCsp);
sqlite3_free(zDfltCsp);
Th_Store("home", g.zTop);
Th_Store("index_page", db_get("index-page","/home"));
if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
Th_Store("current_page", local_zCurrentPage);
Th_Store("csrf_token", g.zCsrfToken);
Th_Store("release_version", RELEASE_VERSION);
Th_Store("manifest_version", MANIFEST_VERSION);
|
< < < < > > > > > | | > |
403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 |
;
/*
** Initialize all the default TH1 variables
*/
static void style_init_th1_vars(const char *zTitle){
const char *zNonce = style_nonce();
Th_Store("nonce", zNonce);
Th_Store("project_name", db_get("project-name","Unnamed Fossil Project"));
Th_Store("project_description", db_get("project-description",""));
if( zTitle ) Th_Store("title", zTitle);
Th_Store("baseurl", g.zBaseURL);
Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL);
if( !Th_ExistsVar(g.interp, "default_csp", -1) ){
char *zDfltCsp = sqlite3_mprintf("default-src 'self' data: ; "
"script-src 'self' 'nonce-%s' ; "
"style-src 'self' 'unsafe-inline'",
zNonce);
Th_Store("default_csp", zDfltCsp);
sqlite3_free(zDfltCsp);
}
Th_Store("home", g.zTop);
Th_Store("index_page", db_get("index-page","/home"));
if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath);
Th_Store("current_page", local_zCurrentPage);
Th_Store("csrf_token", g.zCsrfToken);
Th_Store("release_version", RELEASE_VERSION);
Th_Store("manifest_version", MANIFEST_VERSION);
|