3 files changed, 44 insertions, 0 deletions

diff --git a/lib/config/default.js b/lib/config/default.js
index 000c154a..28f4490c 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -13,6 +13,13 @@ module.exports = {
     includeSubdomains: true,
     preload: true
   },
+  csp: {
+    enable: true,
+    directives: {
+    },
+    addDefaults: true,
+    upgradeInsecureRequests: 'auto'
+  },
   protocolusessl: false,
   usecdn: true,
   allowanonymous: true,
@@ -55,6 +62,13 @@ module.exports = {
     secretAccessKey: undefined,
     region: undefined
   },
+  minio: {
+    accessKey: undefined,
+    secretKey: undefined,
+    endPoint: undefined,
+    secure: true,
+    port: 9000
+  },
   s3bucket: undefined,
   // authentication
   facebook: {
diff --git a/lib/config/environment.js b/lib/config/environment.js
index eedd4913..e2112b6a 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -14,6 +14,9 @@ module.exports = {
     includeSubdomains: toBooleanConfig(process.env.HMD_HSTS_INCLUDE_SUBDOMAINS),
     preload: toBooleanConfig(process.env.HMD_HSTS_PRELOAD)
   },
+  csp: {
+    enable: toBooleanConfig(process.env.HMD_CSP_ENABLE)
+  },
   protocolusessl: toBooleanConfig(process.env.HMD_PROTOCOL_USESSL),
   alloworigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
   usecdn: toBooleanConfig(process.env.HMD_USECDN),
@@ -31,6 +34,13 @@ module.exports = {
     secretAccessKey: process.env.HMD_S3_SECRET_ACCESS_KEY,
     region: process.env.HMD_S3_REGION
   },
+  minio: {
+    accessKey: process.env.HMD_MINIO_ACCESS_KEY,
+    secretKey: process.env.HMD_MINIO_SECRET_KEY,
+    endPoint: process.env.HMD_MINIO_ENDPOINT,
+    secure: toBooleanConfig(process.env.HMD_MINIO_SECURE),
+    port: process.env.HMD_MINIO_PORT
+  },
   s3bucket: process.env.HMD_S3_BUCKET,
   facebook: {
     clientID: process.env.HMD_FACEBOOK_CLIENTID,
diff --git a/lib/config/index.js b/lib/config/index.js
index 3d22c3c3..4f6b4b6a 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -97,6 +97,26 @@ config.isLDAPEnable = config.ldap.url
 config.isSAMLEnable = config.saml.idpSsoUrl
 config.isPDFExportEnable = config.allowpdfexport
 
+// figure out mime types for image uploads
+switch (config.imageUploadType) {
+  case 'imgur':
+    config.allowedUploadMimeTypes = [
+      'image/jpeg',
+      'image/png',
+      'image/jpg',
+      'image/gif'
+    ]
+    break
+  default:
+    config.allowedUploadMimeTypes = [
+      'image/jpeg',
+      'image/png',
+      'image/jpg',
+      'image/gif',
+      'image/svg+xml'
+    ]
+}
+
 // generate correct path
 config.sslcapath.forEach(function (capath, i, array) {
   array[i] = path.resolve(appRootPath, capath)