Overview
Comment: | When rendering the default header via TH1, allow the default Content-Security-Policy content to be overridden via the 'default_csp' variable. |
---|---|
SHA3-256: | 0fe4c7d97377e56a8665d678a869bde9 |
User & Date: | mistachkin 2019-02-15 20:51:10.024 |
Context
2019-02-17
05:32 | Merge updates from trunk. ... (check-in: cb881aab user: mistachkin tags: dynamicCsp) |
2019-02-15
20:51 | When rendering the default header via TH1, allow the default Content-Security-Policy content to be overridden via the 'default_csp' variable. ... (check-in: 0fe4c7d9 user: mistachkin tags: dynamicCsp) |
2019-02-08
13:28 | Update the built-in SQLite to version 3.27.1. ... (check-in: cf6682b1 user: drh tags: trunk) |
Changes
Changes to src/style.c.
︙ | ︙ | |||
387 388 389 390 391 392 393 | ** header template lacks a <body> tag, then all of the following is ** prepended. */ static char zDfltHeader[] = @ <html> @ <head> @ <base href="$baseurl/$current_page" /> | | < < < > > > > > | > > | 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 | ** header template lacks a <body> tag, then all of the following is ** prepended. */ static char zDfltHeader[] = @ <html> @ <head> @ <base href="$baseurl/$current_page" /> @ <meta http-equiv="Content-Security-Policy" content="$default_csp" /> @ <meta name="viewport" content="width=device-width, initial-scale=1.0"> @ <title>$<project_name>: $<title></title> @ <link rel="alternate" type="application/rss+xml" title="RSS Feed" \ @ href="$home/timeline.rss" /> @ <link rel="stylesheet" href="$stylesheet_url" type="text/css" \ @ media="screen" /> @ </head> @ <body> ; /* ** Initialize all the default TH1 variables */ static void style_init_th1_vars(const char *zTitle){ const char *zNonce = style_nonce(); char *zDfltCsp = sqlite3_mprintf("default-src 'self' data: ; " "script-src 'self' 'nonce-%s' ; " "style-src 'self' 'unsafe-inline'", zNonce); Th_Store("nonce", zNonce); Th_Store("project_name", db_get("project-name","Unnamed Fossil Project")); Th_Store("project_description", db_get("project-description","")); if( zTitle ) Th_Store("title", zTitle); Th_Store("baseurl", g.zBaseURL); Th_Store("secureurl", fossil_wants_https(1)? g.zHttpsURL: g.zBaseURL); Th_Store("default_csp", zDfltCsp); sqlite3_free(zDfltCsp); Th_Store("home", g.zTop); Th_Store("index_page", db_get("index-page","/home")); if( local_zCurrentPage==0 ) style_set_current_page("%T", g.zPath); Th_Store("current_page", local_zCurrentPage); Th_Store("csrf_token", g.zCsrfToken); Th_Store("release_version", RELEASE_VERSION); Th_Store("manifest_version", MANIFEST_VERSION); |
︙ | ︙ |
Changes to www/customskin.md.
︙ | ︙ | |||
231 232 233 234 235 236 237 238 239 240 241 242 243 244 | specified by the Admin/Configuration setup page. * **current_page** - The name of the page currently being processed, without the leading "/" and without query parameters. Examples: "timeline", "doc/trunk/README.txt", "wiki". * **csrf_token** - A token used to prevent cross-site request forgery. * **release_version** - The release version of Fossil. Ex: "1.31" * **manifest_version** - A prefix on the check-in hash of the specific version of fossil that is running. Ex: "\[47bb6432a1\]" * **manifest_date** - The date of the source-code check-in for the | > > > | 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 | specified by the Admin/Configuration setup page. * **current_page** - The name of the page currently being processed, without the leading "/" and without query parameters. Examples: "timeline", "doc/trunk/README.txt", "wiki". * **csrf_token** - A token used to prevent cross-site request forgery. * **default_csp** - The content to be used within the default header for the "Content-Security-Policy" meta tag. * **release_version** - The release version of Fossil. Ex: "1.31" * **manifest_version** - A prefix on the check-in hash of the specific version of fossil that is running. Ex: "\[47bb6432a1\]" * **manifest_date** - The date of the source-code check-in for the |
︙ | ︙ |
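Review bot: In src/style.c, style_init_th1_vars() calls Th_Store("default_csp", zDfltCsp) unconditionally, so any default_csp value defined before this function runs is overwritten and the override named in the check-in comment can only come from a script evaluated afterwards. Store the computed default only when the variable is not already set, or state in a comment at which point an override has to be assigned. Two smaller points in the same hunk: the sqlite3_mprintf() result is handed to Th_Store() without a NULL check, and the meta tag uses the bare $default_csp form while the title line next to it uses $<project_name> and $<title>. If the bare form is substituted without HTML escaping, an overridden value containing a double quote would end the content attribute early, so the $<default_csp> form looks like the safer choice here.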
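Review bot: The new default_csp entry in www/customskin.md is missing the information a skin author needs to override it safely: it does not give the default value, does not say that the variable only matters when the default header is prepended (the style.c comment says this happens when the header template lacks a <body> tag), and does not say how or where to set it. Since the default built in style.c carries script-src 'self' 'nonce-%s', the entry should also say that a replacement policy is expected to keep a nonce-based script-src built from the nonce variable, so that an override does not end up relying on 'unsafe-inline' for scripts.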