| author | sD <stoned@derpymail.org> | 2020-03-15 03:49:48 +0100 |
|---|---|---|
| committer | sD <stoned@derpymail.org> | 2020-03-15 03:49:48 +0100 |
| commit | 50eca684345fded6f792bfe331cc66be863d8769 (patch) | |
| tree | 6443e7dda94bb4b7f289b4ae4d81f917c219e8c5 | |
| parent | 2228b820af936ca27bb18fb0f52c013e29a4ce27 (diff) | |
add content policy and make wasabi use https
| -rw-r--r-- | webAO/client.html | 6 | ||||
| -rw-r--r-- | webAO/client.js | 2 | ||||
| -rw-r--r-- | webAO/index.html | 5 |
3 files changed, 12 insertions, 1 deletions
diff --git a/webAO/client.html b/webAO/client.html
index 4637d69..ee18cbd 100644
--- a/webAO/client.html
+++ b/webAO/client.html
@@ -5,6 +5,12 @@
 <title>Attorney Online session</title>
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' file: data: ws: *.aceattorneyonline.com https://s3.wasabisys.com https://webao.animatedchatroom.net https://golden-layout.com https://ajax.googleapis.com;">
+ <meta http-equiv="X-Content-Security-Policy" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' file: data: ws: *.aceattorneyonline.com https://s3.wasabisys.com https://webao.animatedchatroom.net https://golden-layout.com https://ajax.googleapis.com;">
+ <meta http-equiv="X-WebKit-CSP" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' file: data: ws: *.aceattorneyonline.com https://s3.wasabisys.com https://webao.animatedchatroom.net https://golden-layout.com https://ajax.googleapis.com;">
+
+
 <link rel="stylesheet" type="text/css" href="styles/client.css?v=1.0.0" id="client_stylesheet">
 <link rel="stylesheet" type="text/css" href="styles/default.css?v=1.0.0" id="client_theme">
 <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
diff --git a/webAO/client.js b/webAO/client.js
index e55accd..8251ca3 100644
--- a/webAO/client.js
+++ b/webAO/client.js
@@ -28,7 +28,7 @@ const serverIP = queryDict.ip;
 let mode = queryDict.mode;
 // Unless there is an asset URL specified, use the wasabi one
-const DEFAULT_HOST = location.hostname ? "http://s3.wasabisys.com/webao/base/" : "base/";
+const DEFAULT_HOST = location.hostname ? "https://s3.wasabisys.com/webao/base/" : "base/";
 const AO_HOST = queryDict.asset || DEFAULT_HOST;
 const THEME = queryDict.theme || "default";
 const MUSIC_HOST = AO_HOST + "sounds/music/";
diff --git a/webAO/index.html b/webAO/index.html
index fca9173..e4e4c9e 100644
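Review bot: The policy added to webAO/client.html gives very little protection against script injection, because `default-src` carries both `'unsafe-inline'` and `'unsafe-eval'` (plus `data:`) and no `script-src` narrows it; the webAO/index.html hunk has the same two tokens in its `default-src`. I would add a dedicated directive such as `script-src 'self' https://ajax.googleapis.com;`, extended only with the script hosts the page really loads, and keep the unsafe tokens out of it unless a dependency is shown to need them, with a comment naming that dependency. The `X-Content-Security-Policy` and `X-WebKit-CSP` lines use deprecated prefixed names, so in both files they are two extra copies of the policy that can drift from the real one; dropping them leaves a single source of truth. A `<meta>` policy also cannot carry `frame-ancestors` or reporting directives, so a response header is preferable if the host can send one.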
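Review bot: In webAO/client.js the new https default does not cover the override on the following line: `const AO_HOST = queryDict.asset || DEFAULT_HOST;` still takes any string from the query string, so a link carrying an `asset` value with an `http:` URL keeps loading assets in cleartext and from a host the site did not choose. I would validate the value before use and fall back to the default otherwise, for example `const AO_HOST = isAllowedAssetUrl(queryDict.asset) ? queryDict.asset : DEFAULT_HOST;`, where the helper (a name I am proposing, not one in the file) parses with `new URL(value, location.href)` inside a try/catch and accepts only the schemes the project supports. The CSP added to client.html in this commit lists fixed asset hosts, so custom `asset` hosts will presumably be blocked there; whether they are still meant to work deserves a comment above this line. These are top-level statements and the surrounding code continues outside the hunk.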
--- a/webAO/index.html +++ b/webAO/index.html @@ -6,6 +6,11 @@ <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content=""> <meta name="author" content=""> + + <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' *.aceattorneyonline.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' ws:;"> + <meta http-equiv="X-Content-Security-Policy" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' *.aceattorneyonline.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' ws:;"> + <meta http-equiv="X-WebKit-CSP" content="default-src 'self' 'unsafe-inline' 'unsafe-eval' *.aceattorneyonline.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' ws:;"> + <link href="https://fonts.googleapis.com/css?family=Poiret+One" rel="stylesheet"> <link href="https://fonts.googleapis.com/css?family=Oswald%7CRoboto+Condensed" rel="stylesheet"> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon"> |
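Review bot: In webAO/index.html the explicit `style-src 'self' https://fonts.googleapis.com` replaces `default-src` for styles, so the `'unsafe-inline'` granted in `default-src` does not apply to them and any inline `<style>` block or `style=` attribute on this page would be blocked. The rest of the file is outside the hunk, so this needs checking against the full page; if inline styles exist, moving them into a stylesheet is better than adding `'unsafe-inline'` to `style-src`. Separately, `connect-src 'self' ws:` permits WebSocket connections to any host, and if that is intentional a comment above the tag such as `<!-- CSP: connect-src ws: is left open on purpose; style-src has no 'unsafe-inline', keep styles in external sheets -->` would record both decisions for the next editor.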
