
Differences From Artifact [b6ad4c6406]:

To Artifact [d14e53aab1]:


82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
static unsigned adUnitFlags = 0;

/*
** Submenu disable flag
*/
static int submenuEnable = 1;

/*
** Disable content-security-policy.
** Warning:  Do not disable the CSP without careful consideration!
*/
static int disableCSP = 0;

/*
** Flags for various javascript files needed prior to </body>
*/
static int needHrefJs = 0;      /* href.js */

/*
** Extra JS added to the end of the file.







<
<
<
<
<
<







82
83
84
85
86
87
88






89
90
91
92
93
94
95
static unsigned adUnitFlags = 0;

/*
** Submenu disable flag
*/
static int submenuEnable = 1;







/*
** Flags for various javascript files needed prior to </body>
*/
static int needHrefJs = 0;      /* href.js */

/*
** Extra JS added to the end of the file.
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
   "style-src 'self' 'unsafe-inline'; "
   "img-src * data:";
  const char *zFormat;
  Blob csp;
  char *zNonce;
  char *zCsp;
  int i;
  if( disableCSP ) return fossil_strdup("");
  zFormat = db_get("default-csp",0);
  if( zFormat==0 ){
    zFormat = zBackupCSP;
  }
  blob_init(&csp, 0, 0);
  while( zFormat[0] && (zNonce = strstr(zFormat,"$nonce"))!=0 ){
    blob_append(&csp, zFormat, (int)(zNonce - zFormat));
    blob_append(&csp, style_nonce(), -1);
    zFormat = zNonce + 6;
  }
  blob_append(&csp, zFormat, -1);
  zCsp = blob_str(&csp);
  /* No whitespace other than actual space characters allowed in the CSP
  ** string.  See https://fossil-scm.org/forum/forumpost/d29e3af43c */
  for(i=0; zCsp[i]; i++){ if( fossil_isspace(zCsp[i]) ) zCsp[i] = ' '; }
  if( toHeader ){
    cgi_printf_header("Content-Security-Policy: %s\r\n", zCsp);
  }
  return zCsp;
}

/*
** Disable content security policy for the current page.
** WARNING:  Do not do this lightly!
**
** This routine must be called before the CSP is sued by
** style_header().
*/
void style_disable_csp(void){
  disableCSP = 1;
}

/*
** Default HTML page header text through <body>.  If the repository-specific
** header template lacks a <body> tag, then all of the following is
** prepended.
*/
static const char zDfltHeader[] =
@ <html>







<

|



















<
<
<
<
<
<
<
<
<
<
<







600
601
602
603
604
605
606

607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627











628
629
630
631
632
633
634
   "style-src 'self' 'unsafe-inline'; "
   "img-src * data:";
  const char *zFormat;
  Blob csp;
  char *zNonce;
  char *zCsp;
  int i;

  zFormat = db_get("default-csp",0);
  if( zFormat==0 || zFormat[0]==0 ){
    zFormat = zBackupCSP;
  }
  blob_init(&csp, 0, 0);
  while( zFormat[0] && (zNonce = strstr(zFormat,"$nonce"))!=0 ){
    blob_append(&csp, zFormat, (int)(zNonce - zFormat));
    blob_append(&csp, style_nonce(), -1);
    zFormat = zNonce + 6;
  }
  blob_append(&csp, zFormat, -1);
  zCsp = blob_str(&csp);
  /* No whitespace other than actual space characters allowed in the CSP
  ** string.  See https://fossil-scm.org/forum/forumpost/d29e3af43c */
  for(i=0; zCsp[i]; i++){ if( fossil_isspace(zCsp[i]) ) zCsp[i] = ' '; }
  if( toHeader ){
    cgi_printf_header("Content-Security-Policy: %s\r\n", zCsp);
  }
  return zCsp;
}












/*
** Default HTML page header text through <body>.  If the repository-specific
** header template lacks a <body> tag, then all of the following is
** prepended.
*/
static const char zDfltHeader[] =
@ <html>
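Review bot: The new fallback test `if( zFormat==0 || zFormat[0]==0 )` only catches an exactly empty `default-csp`; a value consisting solely of whitespace passes it, is normalised to spaces by the loop further down, and is then emitted as a `Content-Security-Policy` header with no directives, so the page ends up without an effective policy. Since this change also removes `disableCSP` and `style_disable_csp()`, it would be consistent to close that path as well, for example by skipping leading whitespace before the test: `if( zFormat ){ while( fossil_isspace(zFormat[0]) ) zFormat++; }`. The comment above the normalisation loop could also state that the loop is what keeps CR and LF from the setting out of the header line written by `cgi_printf_header()`, assuming `fossil_isspace()` treats both as whitespace. The function's signature and the start of `zBackupCSP` lie outside this hunk.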