From 01ce3b745742b1909c30a1bcd246ab192d8811bc Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Sat, 27 May 2017 22:33:15 +0100
Subject: [PATCH] Don't allow cryptpad registrations plus no content security policy csp causes things to fail
---
 src/freedombone-app-cryptpad | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/freedombone-app-cryptpad b/src/freedombone-app-cryptpad
index 643f320a..81308e75 100755
--- a/src/freedombone-app-cryptpad
+++ b/src/freedombone-app-cryptpad
@@ -376,6 +376,10 @@ function install_cryptpad_main {
 echo ' try_files $uri =404;' >> $cryptpad_nginx_site
 echo ' }' >> $cryptpad_nginx_site
 echo '' >> $cryptpad_nginx_site
+ echo ' location ^~ /register/ {' >> $cryptpad_nginx_site
+ echo ' try_files $uri =404;' >> $cryptpad_nginx_site
+ echo ' }' >> $cryptpad_nginx_site
+ echo '' >> $cryptpad_nginx_site
 echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
 echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
 echo ' }' >> $cryptpad_nginx_site
@@ -406,8 +410,6 @@ function install_cryptpad_main {
 echo " set \$scriptSrc \"'self' 'unsafe-eval' 'unsafe-inline'\";" >> $cryptpad_nginx_site
 echo ' }' >> $cryptpad_nginx_site
 echo '' >> $cryptpad_nginx_site
- echo " add_header Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob: font-src self\";" >> $cryptpad_nginx_site
- echo '' >> $cryptpad_nginx_site
 echo ' location = /cryptpad_websocket {' >> $cryptpad_nginx_site
 echo " proxy_pass http://localhost:$CRYPTPAD_PORT;" >> $cryptpad_nginx_site
 echo ' proxy_set_header X-Real-IP $remote_addr;' >> $cryptpad_nginx_site
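Review bot: In the first hunk (`@@ -376,6 +376,10 @@`) the new `location ^~ /register/` block uses `try_files $uri =404;`, which still serves whatever exists on disk under that prefix, so depending on the `root` and `index` settings outside the hunk the registration page may remain reachable. If the intent is to disable registration, `return 404;` inside the block refuses the whole prefix; the identical block in the `@@ -437,6 +439,10 @@` hunk needs the same change. Nothing visible in the patch restricts account creation on the server or over `/cryptpad_websocket`, so this hides the page rather than enforcing the restriction, and a comment above the echo lines should say so, e.g. `# hide the registration UI only; not an access control`. install_cryptpad_main starts and ends outside the hunk.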
@@ -437,6 +439,10 @@ function install_cryptpad_main {
 echo ' try_files $uri =404;' >> $cryptpad_nginx_site
 echo ' }' >> $cryptpad_nginx_site
 echo '' >> $cryptpad_nginx_site
+ echo ' location ^~ /register/ {' >> $cryptpad_nginx_site
+ echo ' try_files $uri =404;' >> $cryptpad_nginx_site
+ echo ' }' >> $cryptpad_nginx_site
+ echo '' >> $cryptpad_nginx_site
 echo ' location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media)$ {' >> $cryptpad_nginx_site
 echo ' rewrite ^(.*)$ $1/ redirect;' >> $cryptpad_nginx_site
 echo ' }' >> $cryptpad_nginx_site
@@ -445,7 +451,7 @@ function install_cryptpad_main {
 echo '}' >> $cryptpad_nginx_site
 sed -i 's|DENY;|SAMEORIGIN;|g' $cryptpad_nginx_site
- sed -i "s|Content-Security-Policy.*|Content-Security-Policy \"default-src http:; script-src http: 'unsafe-inline'; style-src http: 'unsafe-inline'; img-src data: * blob: font-src self\";|g" $cryptpad_nginx_site
+ sed -i "/Content-Security-Policy/d" $cryptpad_nginx_site
 function_check create_site_certificate
 create_site_certificate $CRYPTPAD_DOMAIN_NAME 'yes'
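Review bot: In the last hunk (`@@ -445,7 +451,7 @@`), `sed -i "/Content-Security-Policy/d"` strips every line that mentions the header, so together with the `add_header` removed in the `@@ -406,8 +410,6 @@` hunk the generated site has no Content-Security-Policy at all and the `$scriptSrc` setting kept above it is no longer used. The removed value looks malformed rather than too strict: `img-src data: * blob: font-src self` lacks a `;` before `font-src`, `self` is unquoted, and `default-src http:` names no websocket scheme, which may be what made the app fail. Correcting the policy is the safer fix; if it must be dropped for now, add a comment above the sed such as `# TODO: CSP removed because it broke CryptPad; restore a corrected policy`. The line-wise delete also assumes each matching directive sits on one line, so a config check (`nginx -t`) before reload is worth adding; install_cryptpad_main begins outside the hunk.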