grassrootseconomics/openethereum
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix CSP for dapps that require eval. (#7867)

Browse Source 
* Add allowJsEval to manifest.

* Enable 'unsafe-eval' if requested in manifest.
This commit is contained in:
Tomasz Drwięga
2018-02-15 11:05:20 +01:00
committed by Afri Schoedon
parent 0a34ad50b4
commit 226215eff6
16 changed files with 41 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
dapps/src/page/handler.rs
View File

@@ -59,6 +59,8 @@ pub struct PageHandler<T: DappFile> {
pub safe_to_embed_on: Embeddable,
/// Cache settings for this page.
pub cache: PageCache,
/// Allow JS unsafe-eval.
pub allow_js_eval: bool,
}
impl<T: DappFile> PageHandler<T> {
@@ -93,7 +95,7 @@ impl<T: DappFile> PageHandler<T> {
headers.set(header::ContentType(file.content_type().to_owned()));
add_security_headers(&mut headers, self.safe_to_embed_on);
add_security_headers(&mut headers, self.safe_to_embed_on, self.allow_js_eval);
}
let initial_content = if file.content_type().to_owned() == mime::TEXT_HTML {