diff options
author | David Mehren | 2021-02-16 20:15:15 +0100 |
---|---|---|
committer | GitHub | 2021-02-16 20:15:15 +0100 |
commit | 59819be34c2428450528362a5bbb74b6424d15d2 (patch) | |
tree | ad80595f5dd94a7ac63bc1481943ae7b356ddb17 /lib/csp.js | |
parent | 6b8fa94402539168a5bd574ddcc17eeae4910bd0 (diff) | |
parent | 136d895d155f28c2e75b3af206549acaa2a354ed (diff) |
Merge pull request #872 from hedgedoc/renovate/master-major-linters
Diffstat (limited to 'lib/csp.js')
-rw-r--r-- | lib/csp.js | 24 |
1 files changed, 12 insertions, 12 deletions
@@ -1,9 +1,9 @@ -var config = require('./config') -var uuid = require('uuid') +const config = require('./config') +const uuid = require('uuid') -var CspStrategy = {} +const CspStrategy = {} -var defaultDirectives = { +const defaultDirectives = { defaultSrc: ['\'self\''], scriptSrc: ['\'self\'', 'vimeo.com', 'https://gist.github.com', 'www.slideshare.net', 'https://query.yahooapis.com', '\'unsafe-eval\''], // ^ TODO: Remove unsafe-eval - webpack script-loader issues https://github.com/hackmdio/codimd/issues/594 @@ -16,28 +16,28 @@ var defaultDirectives = { connectSrc: ['*'] } -var cdnDirectives = { +const cdnDirectives = { scriptSrc: ['https://cdnjs.cloudflare.com', 'https://cdn.mathjax.org'], styleSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.googleapis.com'], fontSrc: ['https://cdnjs.cloudflare.com', 'https://fonts.gstatic.com'] } -var disqusDirectives = { +const disqusDirectives = { scriptSrc: ['https://disqus.com', 'https://*.disqus.com', 'https://*.disquscdn.com'], styleSrc: ['https://*.disquscdn.com'], fontSrc: ['https://*.disquscdn.com'] } -var googleAnalyticsDirectives = { +const googleAnalyticsDirectives = { scriptSrc: ['https://www.google-analytics.com'] } -var dropboxDirectives = { +const dropboxDirectives = { scriptSrc: ['https://www.dropbox.com', '\'unsafe-inline\''] } CspStrategy.computeDirectives = function () { - var directives = {} + const directives = {} mergeDirectives(directives, config.csp.directives) mergeDirectivesIf(config.csp.addDefaults, directives, defaultDirectives) mergeDirectivesIf(config.useCDN, directives, cdnDirectives) @@ -53,10 +53,10 @@ CspStrategy.computeDirectives = function () { } function mergeDirectives (existingDirectives, newDirectives) { - for (var propertyName in newDirectives) { - var newDirective = newDirectives[propertyName] + for (const propertyName in newDirectives) { + const newDirective = newDirectives[propertyName] if (newDirective) { - var existingDirective = existingDirectives[propertyName] || [] + const existingDirective = existingDirectives[propertyName] || [] existingDirectives[propertyName] = existingDirective.concat(newDirective) } } |