Diffstat (limited to 'src/chttpd/src/chttpd_misc.erl')
-rw-r--r-- | src/chttpd/src/chttpd_misc.erl | 13 |
1 files changed, 3 insertions, 10 deletions
diff --git a/src/chttpd/src/chttpd_misc.erl b/src/chttpd/src/chttpd_misc.erl
index 830fea378..f52210af2 100644
--- a/src/chttpd/src/chttpd_misc.erl
+++ b/src/chttpd/src/chttpd_misc.erl
@@ -93,8 +93,9 @@ handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
 {_ActionKey, "/", RelativePath} ->
 % GET /_utils/path or GET /_utils/
 CachingHeaders = [{"Cache-Control", "private, must-revalidate"}],
- EnableCsp = config:get("csp", "enable", "false"),
- Headers = maybe_add_csp_headers(CachingHeaders, EnableCsp),
+ DefaultValues = "child-src 'self' data: blob:; default-src 'self'; img-src 'self' data:; font-src 'self'; "
+ "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
+ Headers = chttpd_util:maybe_add_csp_header("utils", CachingHeaders, DefaultValues),
 chttpd:serve_file(Req, RelativePath, DocumentRoot, Headers);
 {_ActionKey, "", _RelativePath} ->
 % GET /_utils
@@ -104,14 +105,6 @@ handle_utils_dir_req(#httpd{method='GET'}=Req, DocumentRoot) ->
 handle_utils_dir_req(Req, _) ->
 send_method_not_allowed(Req, "GET,HEAD").
 
-maybe_add_csp_headers(Headers, "true") ->
- DefaultValues = "child-src 'self' data: blob:; default-src 'self'; img-src 'self' data:; font-src 'self'; "
- "script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';",
- Value = config:get("csp", "header_value", DefaultValues),
- [{"Content-Security-Policy", Value} | Headers];
-maybe_add_csp_headers(Headers, _) ->
- Headers.
-
 handle_all_dbs_req(#httpd{method='GET'}=Req) ->
 Args = couch_mrview_http:parse_params(Req, undefined),
 ShardDbName = config:get("mem3", "shards_db", "_dbs"), |
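Review bot: The default policy literal assigned to `DefaultValues` in the `{_ActionKey, "/", RelativePath}` branch still carries `script-src 'self' 'unsafe-eval'` and `style-src 'self' 'unsafe-inline'` with no comment saying why, and it sets no `frame-ancestors`, `base-uri` or `form-action`, none of which fall back to `default-src`. I would add a comment above it such as `% Default CSP for /_utils; 'unsafe-eval' and 'unsafe-inline' are deliberate relaxations, review before widening`, and consider hoisting the literal into a `-define` so the handler clause stays readable. Whether the old `[csp] enable` and `[csp] header_value` settings are still honoured depends on `chttpd_util:maybe_add_csp_header/3`, which is not visible here; if they are not, an operator who had set a stricter `header_value` would presumably fall back to this default, so that is worth confirming and stating in the upgrade notes. The body of `handle_utils_dir_req` starts and ends outside this hunk.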