diff options
Diffstat (limited to 'src/assets')
| -rw-r--r-- | src/assets/javascripts/services.js | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/assets/javascripts/services.js b/src/assets/javascripts/services.js index 0b157065..6aeeff7c 100644 --- a/src/assets/javascripts/services.js +++ b/src/assets/javascripts/services.js @@ -742,6 +742,44 @@ function processUpdate() { }) } +// For websites that have a strict policy that would not normally allow these frontends to be embedded within the website. +function modifyContentSecurityPolicy(details) { + let isChanged = false + if (details.type == "main_frame") { + for (const header in details.responseHeaders) { + if (details.responseHeaders[header].name == "content-security-policy") { + let instancesList = [] + for (const service in config.services) { + if (config.services[service].embeddable) { + for (const frontend in config.services[service].frontends) { + if (config.services[service].frontends[frontend].embeddable) { + for (const network in config.networks) { + instancesList.push(...options[frontend][network].enabled, ...options[frontend][network].custom) + } + } + } + } + } + let securityPolicyList = details.responseHeaders[header].value.split(";") + for (const i in securityPolicyList) securityPolicyList[i] = securityPolicyList[i].trim() + let newSecurity = "" + for (const item of securityPolicyList) { + if (item.trim() == "") continue + let regex = item.match(/([a-z-]{0,}) (.*)/) + if (regex == null) continue + let [, key, vals] = regex + if (key == "frame-src") vals = vals + " " + instancesList.join(" ") + newSecurity += key + " " + vals + "; " + } + + details.responseHeaders[header].value = newSecurity + isChanged = true + } + } + if (isChanged) return { responseHeaders: details.responseHeaders } + } +} + export default { redirect, computeService, @@ -752,4 +790,5 @@ export default { initDefaults, upgradeOptions, processUpdate, + modifyContentSecurityPolicy, } |