jamesfengcao/uweb
2
0
Fork 0
mirror of https://github.com/torappinfo/uweb.git synced 2024-08-14 23:54:59 +00:00
Code Issues 3 Projects Releases 1 Packages Wiki Activity

add CSP & CORS white list support

Browse source
This commit is contained in:
James Feng Cao 2022-10-26 22:43:36 +08:00
parent 2d016e3fdb
commit 8bb1645e7c
10 changed files with 34 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

4
en/rjs/index.html
View file

@ -65,6 +65,10 @@
<p><a href="i:04Spell check:;let t=document.getElementsByTagName('textarea');let v=t[0].spellcheck;if(v==null)v=false;t[0].spellcheck=!v">Spell check:;let t=document.getElementsByTagName('textarea');let v=t[0].spellcheck;if(v==null)v=false;t[0].spellcheck=!v</a></p>
<p>Remote script configuration file &quot;default.rjs&quot; whose lines have the following format:<br>
[script name]:[javascript code to return url arrays]</p>
<h4 id="allow-remote-js-on-csp-content-security-policy-sites">Allow remote js on CSP (Content Security Policy) sites</h4>
<p>All remote js (default.rjs) are allowed to execute on CSP sites. Local js files without remote resource access work fine when under the folder &quot;bookmarklet&quot;, others needs to be refered in default.rjs as http urls such as &quot;https://local/...&quot; (<a href="../html5/index.html">html5</a> or <a href="../offlinecache/index.html">offline cache</a>) .</p>
<h4 id="allow-cors-cross-origin-resource-share">Allow CORS (Cross-Origin Resource Share)</h4>
<p>Put a domain followed by &quot;::&quot; in the file &quot;<a href="../redirect/index.html">default.redirect</a>&quot; to allow CORS with the option &quot;resource redirection&quot;.</p>
</div>