3 files changed, 27 insertions, 1 deletions

diff --git a/lib/config/default.js b/lib/config/default.js
index 40803476..28f4490c 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -13,9 +13,17 @@ module.exports = {
     includeSubdomains: true,
     preload: true
   },
+  csp: {
+    enable: true,
+    directives: {
+    },
+    addDefaults: true,
+    upgradeInsecureRequests: 'auto'
+  },
   protocolusessl: false,
   usecdn: true,
   allowanonymous: true,
+  allowanonymousedits: false,
   allowfreeurl: false,
   defaultpermission: 'editable',
   dburl: '',
@@ -54,6 +62,13 @@ module.exports = {
     secretAccessKey: undefined,
     region: undefined
   },
+  minio: {
+    accessKey: undefined,
+    secretKey: undefined,
+    endPoint: undefined,
+    secure: true,
+    port: 9000
+  },
   s3bucket: undefined,
   // authentication
   facebook: {
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 5a297382..e2112b6a 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -14,10 +14,14 @@ module.exports = {
     includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
     preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
   },
+  csp: {
+    enable: toBooleanConfig(process.env.HMD_CSP_ENABLE)
+  },
   protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
   alloworigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
   usecdn: toBooleanConfig(process.env.HMD_USECDN),
   allowanonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
+  allowanonymousedits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS),
   allowfreeurl: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
   defaultpermission: process.env.HMD_DEFAULT_PERMISSION,
   dburl: process.env.HMD_DB_URL,
@@ -30,6 +34,13 @@ module.exports = {
     secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY,
     region: process.env.HMD_S3_REGION
   },
+  minio: {
+    accessKey: process.env.HMD_MINIO_ACCESS_KEY,
+    secretKey: process.env.HMD_MINIO_SECRET_KEY,
+    endPoint: process.env.HMD_MINIO_ENDPOINT,
+    secure: toBooleanConfig(process.env.HMD_MINIO_SECURE),
+    port: process.env.HMD_MINIO_PORT
+  },
   s3bucket: process.env.HMD_S3_BUCKET,
   facebook: {
     clientID: process.env.HMD_FACEBOOK_CLIENTID,
diff --git a/lib/config/index.js b/lib/config/index.js
index 13c4692c..4f6b4b6a 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -49,7 +49,7 @@ if (config.ldap.tlsca) {
 
 // Permission
 config.permission = Permission
-if (!config.allowanonymous) {
+if (!config.allowanonymous && !config.allowanonymousedits) {
   delete config.permission.freely
 }
 if (!(config.defaultpermission in config.permission)) {