Document csp flags

2015-10-04 22:43:42 -04:00 · 2015-10-04 22:43:42 -04:00 · ce73598f12
parent f5e11ef8a3
commit ce73598f12
2 changed files with 6 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -22,6 +22,9 @@ Command-line options
 - ```-siteurl "http://mylinx.example.org/"``` -- the site url (for generating links)
 - ```-filespath files/"``` -- Path to store uploads (default is files/)
 - ```-metapath meta/``` -- Path to store information about uploads (default is meta/)
+- ```-contentsecuritypolicy "..."``` -- Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;")
+- ```-filecontentsecuritypolicy "..."``` -- Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;"")
+- ```-xframeoptions "..." ``` -- X-Frame-Options header (default is "SAMEORIGIN")
 - ```-remoteuploads``` -- (optionally) enable remote uploads (/upload?url=https://...) 
 - ```-fastcgi``` -- (optionally) serve through fastcgi 
 - ```-nologs``` -- (optionally) disable request logs in stdout
--- a/server.go
+++ b/server.go
@ -135,13 +135,13 @@ func main() {
 		"serve through fastcgi")
 	flag.BoolVar(&Config.remoteUploads, "remoteuploads", false,
 		"enable remote uploads")
-	flag.StringVar(&Config.contentSecurityPolicy, "contentSecurityPolicy",
+	flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
 		"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
 		"value of default Content-Security-Policy header")
-	flag.StringVar(&Config.fileContentSecurityPolicy, "fileContentSecurityPolicy",
+	flag.StringVar(&Config.fileContentSecurityPolicy, "filecontentsecuritypolicy",
 		"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;",
 		"value of Content-Security-Policy header for file access")
-	flag.StringVar(&Config.xFrameOptions, "xFrameOptions", "SAMEORIGIN",
+	flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN",
 		"value of X-Frame-Options header")
 	flag.Parse()