CSP enabled live setting

Thibault Duplessis 2018-05-11 02:41:54 +02:00
parent 881a7cfa7a
commit 62d263c238
4 changed files with 11 additions and 2 deletions


@ -16,7 +16,8 @@ object Dev extends LilaController {
Env.irwin.irwinModeSetting,
Env.api.assetVersionSetting,
Env.explorer.indexFlowSetting,
Env.report.scoreThresholdSetting
Env.report.scoreThresholdSetting,
Env.api.cspEnabledSetting
)
def settings = Secure(_.Settings) { implicit ctx => me =>


@ -54,6 +54,8 @@ object Environment
def contactEmailLink = Html(s"""<a href="mailto:$contactEmail">$contactEmail</a>""")
def cspEnabled = apiEnv.cspEnabledSetting.get _
def isChatPanicEnabled =
lila.chat.Env.current.panic.enabled
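Review bot: `cspEnabled` is declared without a result type and, through `get _`, hands back a function value rather than a Boolean, which is why the template has to call `cspEnabled()`. Since this helper gates a security header, an explicit signature would make the contract visible to template authors: `def cspEnabled: () => Boolean = apiEnv.cspEnabledSetting.get _`, or, if the setting's `get` is a nullary method as the eta-expansion suggests, `def cspEnabled(): Boolean = apiEnv.cspEnabledSetting.get()`. A one-line comment such as `// live kill switch for the Content-Security-Policy meta tag in the base layout` would also help. The enclosing object continues outside the hunk.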


@ -21,7 +21,7 @@ csp: Option[lila.common.ContentSecurityPolicy] = None)(body: Html)(implicit ctx:
<!-- Lichess is open source! See https://github.com/ornicar/lila -->
<head>
<meta charset="utf-8">
@if(isGranted(_.Beta)) {
@if(cspEnabled()) {
<meta http-equiv="Content-Security-Policy" content="@csp.getOrElse(defaultCsp)">
}
@if(isProd) {
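Review bot: With the setting off, `@if(cspEnabled()) {` emits no policy for anyone, including the Beta users who always received it before this change, although the setting's text ("Enable CSP for everyone.") reads as if off only narrows the audience. If that is not intended, keep the old gate as a fallback: `@if(cspEnabled() || isGranted(_.Beta)) {`. Separately, now that this is the policy for all visitors, note that a policy delivered through `<meta http-equiv>` ignores `frame-ancestors`, `report-uri` and `sandbox` and does not apply to content before the element, so any such directive in `defaultCsp` (defined outside this hunk) would need a `Content-Security-Policy` response header instead. The template body continues outside the hunk.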


@ -67,6 +67,12 @@ final class Env(
init = (config, db) => config.value max db.value
)
val cspEnabledSetting = settingStore[Boolean](
"cspEnabled",
default = true,
text = "Enable CSP for everyone.".some
)
object Accessibility {
val blindCookieName = config getString "accessibility.blind.cookie.name"
val blindCookieMaxAge = config getInt "accessibility.blind.cookie.max_age"