mirror of https://github.com/wekan/wekan
The Open Source kanban (built with Meteor). Keep variable/table/field names camelCase. For translations, only add Pull Request changes to wekan/i18n/en.i18n.json , other translations are done at https://transifex.com/wekan/wekan only.
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39 lines
1.4 KiB
39 lines
1.4 KiB
//import { BrowserPolicy } from 'meteor/browser-policy-common';
|
|
|
|
Meteor.startup(() => {
|
|
/*
|
|
// Default allowed
|
|
BrowserPolicy.content.allowInlineScripts();
|
|
BrowserPolicy.content.allowEval();
|
|
BrowserPolicy.content.allowInlineStyles();
|
|
BrowserPolicy.content.allowOriginForAll('*');
|
|
// Allow all images from anywhere
|
|
BrowserPolicy.content.allowImageOrigin('*');
|
|
BrowserPolicy.content.allowDataUrlForAll();
|
|
*/
|
|
|
|
if (process.env.BROWSER_POLICY_ENABLED === 'true') {
|
|
// Trusted URL that can embed Wekan in iFrame.
|
|
const trusted = process.env.TRUSTED_URL;
|
|
////BrowserPolicy.framing.disallow();
|
|
//Allow inline scripts, otherwise there is errors in browser/inspect/console
|
|
//BrowserPolicy.content.disallowInlineScripts();
|
|
//BrowserPolicy.content.disallowEval();
|
|
//BrowserPolicy.content.allowInlineStyles();
|
|
//BrowserPolicy.content.allowFontDataUrl();
|
|
////BrowserPolicy.framing.restrictToOrigin(trusted);
|
|
//BrowserPolicy.content.allowScriptOrigin(trusted);
|
|
} else {
|
|
// Disable browser policy and allow all framing and including.
|
|
// Use only at internal LAN, not at Internet.
|
|
////BrowserPolicy.framing.allowAll();
|
|
}
|
|
|
|
|
|
// If Matomo URL is set, allow it.
|
|
const matomoUrl = process.env.MATOMO_ADDRESS;
|
|
if (matomoUrl) {
|
|
//BrowserPolicy.content.allowScriptOrigin(matomoUrl);
|
|
//BrowserPolicy.content.allowImageOrigin(matomoUrl);
|
|
}
|
|
});
|
|
|