mirror of
https://github.com/zedeus/nitter.git
synced 2024-06-10 00:59:22 +00:00
Add support for using a nonce with the Content-Security-Policy header
This commit is contained in:
parent
5eb010e7cd
commit
289edc973c
|
@ -21,6 +21,7 @@ redisMaxConnections = 30
|
||||||
|
|
||||||
[Config]
|
[Config]
|
||||||
hmacKey = "secretkey" # random key for cryptographic signing of video urls
|
hmacKey = "secretkey" # random key for cryptographic signing of video urls
|
||||||
|
nonceString = "secretstring" # random string for the Content-Security-Policy header with script-src
|
||||||
base64Media = false # use base64 encoding for proxied media urls
|
base64Media = false # use base64 encoding for proxied media urls
|
||||||
enableRSS = true # set this to false to disable RSS feeds
|
enableRSS = true # set this to false to disable RSS feeds
|
||||||
enableDebug = false # enable request logs and debug endpoints (/.accounts)
|
enableDebug = false # enable request logs and debug endpoints (/.accounts)
|
||||||
|
|
|
@ -35,6 +35,7 @@ proc getConfig*(path: string): (Config, parseCfg.Config) =
|
||||||
|
|
||||||
# Config
|
# Config
|
||||||
hmacKey: cfg.get("Config", "hmacKey", "secretkey"),
|
hmacKey: cfg.get("Config", "hmacKey", "secretkey"),
|
||||||
|
nonceString: cfg.get("Config", "nonceString", "secretstring"),
|
||||||
base64Media: cfg.get("Config", "base64Media", false),
|
base64Media: cfg.get("Config", "base64Media", false),
|
||||||
minTokens: cfg.get("Config", "tokenCount", 10),
|
minTokens: cfg.get("Config", "tokenCount", 10),
|
||||||
enableRss: cfg.get("Config", "enableRSS", true),
|
enableRss: cfg.get("Config", "enableRSS", true),
|
||||||
|
|
|
@ -256,6 +256,7 @@ type
|
||||||
staticDir*: string
|
staticDir*: string
|
||||||
|
|
||||||
hmacKey*: string
|
hmacKey*: string
|
||||||
|
nonceString*: string
|
||||||
base64Media*: bool
|
base64Media*: bool
|
||||||
minTokens*: int
|
minTokens*: int
|
||||||
enableRss*: bool
|
enableRss*: bool
|
||||||
|
|
|
@ -73,11 +73,11 @@ proc renderHead*(prefs: Prefs; cfg: Config; req: Request; titleText=""; desc="";
|
||||||
link(rel="alternate", type="application/rss+xml", href=rss, title="RSS feed")
|
link(rel="alternate", type="application/rss+xml", href=rss, title="RSS feed")
|
||||||
|
|
||||||
if prefs.hlsPlayback:
|
if prefs.hlsPlayback:
|
||||||
script(src="/js/hls.light.min.js", `defer`="")
|
script(nonce=cfg.nonceString, src="/js/hls.light.min.js", `defer`="")
|
||||||
script(src="/js/hlsPlayback.js", `defer`="")
|
script(nonce=cfg.nonceString, src="/js/hlsPlayback.js", `defer`="")
|
||||||
|
|
||||||
if prefs.infiniteScroll:
|
if prefs.infiniteScroll:
|
||||||
script(src="/js/infiniteScroll.js", `defer`="")
|
script(nonce=cfg.nonceString, src="/js/infiniteScroll.js", `defer`="")
|
||||||
|
|
||||||
title:
|
title:
|
||||||
if titleText.len > 0:
|
if titleText.len > 0:
|
||||||
|
|
Loading…
Reference in a new issue