oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #2026 from imachug/js-modules

Browse source 
ECMAScript modules
This commit is contained in:
ZeroNet 2019-05-20 17:06:17 +02:00 committed by GitHub
commit 25d6eea906
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/Ui/UiRequest.py
View file

@ -181,12 +181,12 @@ class UiRequest(object):
if file_name.endswith(".css"): # Force correct css content type if file_name.endswith(".css"): # Force correct css content type
content_type = "text/css" content_type = "text/css"
if file_name.endswith(".js"): # Force correct javascript content type
content_type = "text/javascript"
if file_name.endswith(".json"): # Correct json header
content_type = "application/json"
if not content_type: if not content_type:
if file_name.endswith(".json"): # Correct json header content_type = "application/octet-stream"
content_type = "application/json"
else:
content_type = "application/octet-stream"
return content_type return content_type
@ -251,6 +251,8 @@ class UiRequest(object):
headers["X-Frame-Options"] = "SAMEORIGIN" headers["X-Frame-Options"] = "SAMEORIGIN"
if content_type != "text/html" and self.env.get("HTTP_REFERER") and self.isSameOrigin(self.getReferer(), self.getRequestUrl()): if content_type != "text/html" and self.env.get("HTTP_REFERER") and self.isSameOrigin(self.getReferer(), self.getRequestUrl()):
headers["Access-Control-Allow-Origin"] = "*" # Allow load font files from css headers["Access-Control-Allow-Origin"] = "*" # Allow load font files from css
if content_type == "text/javascript" and not self.env.get("HTTP_REFERER"):
headers["Access-Control-Allow-Origin"] = "*" # Allow loading JavaScript modules in Chrome
if noscript: if noscript:
headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src 'self'; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline';" headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src 'self'; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline';"