Set correct mime type in jailed. Set correct types on script imports in bonfire/show. Open helmet up to potentially unsafe levels by allowing "* unsafe-inline" in scriptSrc.
parent
68420149b0
commit
72339f9183
5
app.js
5
app.js
|
@ -115,6 +115,7 @@ app.disable('x-powered-by');
|
|||
app.use(helmet.xssFilter());
|
||||
app.use(helmet.noSniff());
|
||||
app.use(helmet.xframe());
|
||||
/*
|
||||
app.use(function(req, res, next) {
|
||||
res.header('Access-Control-Allow-Origin', '*');
|
||||
res.header('Access-Control-Allow-Headers',
|
||||
|
@ -122,6 +123,7 @@ app.use(function(req, res, next) {
|
|||
);
|
||||
next();
|
||||
});
|
||||
*/
|
||||
|
||||
var trusted = [
|
||||
"'self'",
|
||||
|
@ -167,7 +169,8 @@ app.use(helmet.contentSecurityPolicy({
|
|||
scriptSrc: [
|
||||
'*.optimizely.com',
|
||||
'*.aspnetcdn.com',
|
||||
'*.d3js.org'
|
||||
'*.d3js.org',
|
||||
"* 'unsafe-inline'"
|
||||
].concat(trusted),
|
||||
'connect-src': [
|
||||
'ws://*.rafflecopter.com',
|
||||
|
|
|
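Review bot: Adding `"* 'unsafe-inline'"` to scriptSrc makes the rest of the script-src allowlist, including `.concat(trusted)`, meaningless: `*` permits scripts from any origin and `'unsafe-inline'` removes the inline-script restriction that is CSP's main defence against injected script, so the directive no longer constrains anything beyond scheme. Helmet takes one source expression per array element, so the two tokens should at least be separate entries, `'*'` and `"'unsafe-inline'"`, rather than one space-joined string, and the commenting-out of the `Access-Control-Allow-Origin: *` handler in the earlier hunks suggests the aim is to narrow exposure, not widen it. If the driver for this is the jailed worker created from a blob URL elsewhere in this commit, the targeted fix is to add `'blob:'` to scriptSrc (and to a child-src/worker-src entry, depending on which CSP level the browser implements) and keep the origin allowlist intact. The `helmet.contentSecurityPolicy` call starts outside the hunk.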
@ -1 +1 @@
|
|||
<script src="_frame.js"></script>
|
||||
<script sandbox="allow-same-origin allow-scripts" src="_frame.js"></script>
|
||||
|
|
|
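Review bot: The `sandbox` attribute added to the `<script>` element has no effect: `sandbox` is defined for `<iframe>`, not `<script>`, so browsers ignore it and `_frame.js` runs with exactly the privileges it had before. If the intent is to confine the jailed frame, the attribute belongs on the `<iframe>` that embeds this document, and the combination `allow-same-origin allow-scripts` should be reconsidered there: a same-origin frame that can run script can reach its parent and remove its own sandbox restrictions, so that pairing provides no isolation for same-origin content. The file this markup belongs to and the embedding side are not shown, so the iframe cannot be checked from this hunk.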
@ -24,12 +24,19 @@ var blobCode = [
|
|||
' }); '
|
||||
].join('\n');
|
||||
|
||||
var blobUrl = window.URL.createObjectURL(
|
||||
new Blob([blobCode])
|
||||
);
|
||||
var blobUrl;
|
||||
try {
|
||||
blobUrl = new Blob([blobCode], {type: 'application/javascript'});
|
||||
} catch (e) {
|
||||
window.BlobBuilder = window.BlobBuilder
|
||||
|| window.WebKitBlobBuilder
|
||||
|| window.MozBlobBuilder;
|
||||
blobUrl = new BlobBuilder();
|
||||
blobUrl.append(blobCode);
|
||||
blobUrl = blobUrl.getBlob();
|
||||
}
|
||||
|
||||
|
||||
var worker = new Worker(blobUrl);
|
||||
var worker = new Worker(URL.createObjectURL(blobUrl));
|
||||
|
||||
// telling worker to load _pluginWeb.js (see blob code above)
|
||||
worker.postMessage({
|
||||
|
|
|
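Review bot: In the BlobBuilder fallback, `blobUrl = blobUrl.getBlob();` drops the MIME type that the `new Blob(...)` path sets, so the "correct mime type" this commit is after only holds on the primary path; pass it explicitly, `blobUrl = blobUrl.getBlob('application/javascript');`. The variable name `blobUrl` is now misleading, since it holds a Blob (and transiently a BlobBuilder) while the object URL is created inline at `new Worker(URL.createObjectURL(blobUrl))`; renaming it to `blob` would keep that distinction clear. The `catch (e)` branch also writes `window.BlobBuilder` as a side effect on the global and takes the fallback for any exception the Blob constructor throws, not just a missing constructor; a `typeof Blob === 'function'` check up front would make the branch explicit. The object URL is never released with `URL.revokeObjectURL`, which deserves a one-line comment if that is intentional.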
@ -1,21 +1,21 @@
|
|||
extends ../layout-wide
|
||||
block content
|
||||
|
||||
script(src='/js/lib/codemirror/lib/codemirror.js')
|
||||
script(src='/js/lib/codemirror/addon/edit/closebrackets.js')
|
||||
script(src='/js/lib/codemirror/addon/edit/matchbrackets.js')
|
||||
script(src='/js/lib/codemirror/addon/lint/lint.js')
|
||||
script(src='/js/lib/codemirror/addon/lint/javascript-lint.js')
|
||||
script(src='//ajax.aspnetcdn.com/ajax/jshint/r07/jshint.js')
|
||||
script(src='/js/lib/chai/chai.js')
|
||||
script(type='text/javascript', src='/js/lib/codemirror/lib/codemirror.js')
|
||||
script(type='text/javascript', src='/js/lib/codemirror/addon/edit/closebrackets.js')
|
||||
script(type='text/javascript', src='/js/lib/codemirror/addon/edit/matchbrackets.js')
|
||||
script(type='text/javascript', src='/js/lib/codemirror/addon/lint/lint.js')
|
||||
script(type='text/javascript', src='/js/lib/codemirror/addon/lint/javascript-lint.js')
|
||||
script(type='text/javascript', src='//ajax.aspnetcdn.com/ajax/jshint/r07/jshint.js')
|
||||
script(type='text/javascript', src='/js/lib/chai/chai.js')
|
||||
link(rel='stylesheet', href='/js/lib/codemirror/lib/codemirror.css')
|
||||
link(rel='stylesheet', href='/js/lib/codemirror/addon/lint/lint.css')
|
||||
link(rel='stylesheet', href='/js/lib/codemirror/theme/monokai.css')
|
||||
link(rel="stylesheet", href="http://fonts.googleapis.com/css?family=Ubuntu+Mono")
|
||||
script(src='/js/lib/codemirror/mode/javascript/javascript.js')
|
||||
script(src='/js/lib/jailed/jailed.js')
|
||||
script(src='/js/lib/bonfire/bonfireInit.js')
|
||||
script(src="//cdnjs.cloudflare.com/ajax/libs/ramda/0.13.0/ramda.min.js")
|
||||
script(type='text/javascript', src='/js/lib/codemirror/mode/javascript/javascript.js')
|
||||
script(type='text/javascript', src='/js/lib/jailed/jailed.js')
|
||||
script(type='text/javascript', src='/js/lib/bonfire/bonfireInit.js')
|
||||
script(type='text/javascript', src="//cdnjs.cloudflare.com/ajax/libs/ramda/0.13.0/ramda.min.js")
|
||||
|
||||
|
||||
.row
|
||||
|
|
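Review bot: The `type='text/javascript'` attribute added to every `script` in this view is the HTML default, so it changes nothing about how the browser loads these files or how the CSP in app.js evaluates them; unless something specifically inspects the attribute, the change is cosmetic. If a concrete mismatch motivated it, a one-line comment above the script block naming it would help the next reader; otherwise the attributes can be dropped. The scripts from `ajax.aspnetcdn.com` and `cdnjs.cloudflare.com` are the entries that matter for the CSP allowlist, and they are loaded without `integrity`/`crossorigin` attributes, so the allowlist trusts whatever those CDNs serve; pinning the versions with SRI would tighten that. The unchanged `link` to `http://fonts.googleapis.com` will be blocked as mixed content on an HTTPS page, though that predates this commit.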