- Use only framing policy, not all of content policy.

- Fix Date and Time Formats are only US in every language. Thanks to xet7 ! Closes #1833
2025-04-23 13:37:09 -04:00 · 2018-08-16 14:29:38 +03:00 · 2018-08-16 14:29:38 +03:00 · b3005f828d
commit b3005f828d
parent 36447ba1c0
3 changed files with 11 additions and 13 deletions
--- a/.meteor/packages
+++ b/.meteor/packages
@ -49,7 +49,6 @@ kadira:dochead
 meteorhacks:picker
 meteorhacks:subs-manager
 mquandalle:autofocus
-mquandalle:moment
 ongoworks:speakingurl
 raix:handlebar-helpers
 tap:i18n
@ -81,8 +80,9 @@ staringatlights:fast-render
 mixmax:smart-disconnect
 accounts-password@1.5.0
 cfs:gridfs
-browser-policy
 eluck:accounts-lockout
 rzymek:fullcalendar
 momentjs:moment@2.22.2
-atoy40:accounts-cas
+atoy40:accounts-cas
+browser-policy-framing
+mquandalle:moment
--- a/.meteor/versions
+++ b/.meteor/versions
@ -19,9 +19,7 @@ binary-heap@1.0.10
 blaze@2.3.2
 blaze-tools@1.0.10
 boilerplate-generator@1.3.1
-browser-policy@1.1.0
 browser-policy-common@1.0.11
-browser-policy-content@1.1.0
 browser-policy-framing@1.1.0
 caching-compiler@1.1.9
 caching-html-compiler@1.1.2
--- a/server/policy.js
+++ b/server/policy.js
@ -8,27 +8,27 @@ Meteor.startup(() => {
    BrowserPolicy.framing.disallow();
    //Allow inline scripts, otherwise there is errors in browser/inspect/console
    //BrowserPolicy.content.disallowInlineScripts();
-    BrowserPolicy.content.disallowEval();
-    BrowserPolicy.content.allowInlineStyles();
-    BrowserPolicy.content.allowFontDataUrl();
+    //BrowserPolicy.content.disallowEval();
+    //BrowserPolicy.content.allowInlineStyles();
+    //BrowserPolicy.content.allowFontDataUrl();
    BrowserPolicy.framing.restrictToOrigin(trusted);
-    BrowserPolicy.content.allowScriptOrigin(trusted);
+    //BrowserPolicy.content.allowScriptOrigin(trusted);
  }
  else {
    // Disable browser policy and allow all framing and including.
    // Use only at internal LAN, not at Internet.
    BrowserPolicy.framing.allowAll();
-    BrowserPolicy.content.allowDataUrlForAll();
+    //BrowserPolicy.content.allowDataUrlForAll();
  }

  // Allow all images from anywhere
-  BrowserPolicy.content.allowImageOrigin('*');
+  //BrowserPolicy.content.allowImageOrigin('*');

  // If Matomo URL is set, allow it.
  const matomoUrl = process.env.MATOMO_ADDRESS;
  if (matomoUrl){
-    BrowserPolicy.content.allowScriptOrigin(matomoUrl);
-    BrowserPolicy.content.allowImageOrigin(matomoUrl);
+    //BrowserPolicy.content.allowScriptOrigin(matomoUrl);
+    //BrowserPolicy.content.allowImageOrigin(matomoUrl);
  }

 });