Document csp flags
This commit is contained in:
andreimarcu
parent
f5e11ef8a3
commit
ce73598f12
|
|
@ -22,6 +22,9 @@ Command-line options
|
||||||
- ```-siteurl "http://mylinx.example.org/"``` -- the site url (for generating links)
|
- ```-siteurl "http://mylinx.example.org/"``` -- the site url (for generating links)
|
||||||
- ```-filespath files/"``` -- Path to store uploads (default is files/)
|
- ```-filespath files/"``` -- Path to store uploads (default is files/)
|
||||||
- ```-metapath meta/``` -- Path to store information about uploads (default is meta/)
|
- ```-metapath meta/``` -- Path to store information about uploads (default is meta/)
|
||||||
|
- ```-contentsecuritypolicy "..."``` -- Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;")
|
||||||
|
- ```-filecontentsecuritypolicy "..."``` -- Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;"")
|
||||||
|
- ```-xframeoptions "..." ``` -- X-Frame-Options header (default is "SAMEORIGIN")
|
||||||
- ```-remoteuploads``` -- (optionally) enable remote uploads (/upload?url=https://...)
|
- ```-remoteuploads``` -- (optionally) enable remote uploads (/upload?url=https://...)
|
||||||
- ```-fastcgi``` -- (optionally) serve through fastcgi
|
- ```-fastcgi``` -- (optionally) serve through fastcgi
|
||||||
- ```-nologs``` -- (optionally) disable request logs in stdout
|
- ```-nologs``` -- (optionally) disable request logs in stdout
|
||||||
|
|
|
||||||
|
|
@ -135,13 +135,13 @@ func main() {
|
||||||
"serve through fastcgi")
|
"serve through fastcgi")
|
||||||
flag.BoolVar(&Config.remoteUploads, "remoteuploads", false,
|
flag.BoolVar(&Config.remoteUploads, "remoteuploads", false,
|
||||||
"enable remote uploads")
|
"enable remote uploads")
|
||||||
flag.StringVar(&Config.contentSecurityPolicy, "contentSecurityPolicy",
|
flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy",
|
||||||
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
|
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;",
|
||||||
"value of default Content-Security-Policy header")
|
"value of default Content-Security-Policy header")
|
||||||
flag.StringVar(&Config.fileContentSecurityPolicy, "fileContentSecurityPolicy",
|
flag.StringVar(&Config.fileContentSecurityPolicy, "filecontentsecuritypolicy",
|
||||||
"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;",
|
"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;",
|
||||||
"value of Content-Security-Policy header for file access")
|
"value of Content-Security-Policy header for file access")
|
||||||
flag.StringVar(&Config.xFrameOptions, "xFrameOptions", "SAMEORIGIN",
|
flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN",
|
||||||
"value of X-Frame-Options header")
|
"value of X-Frame-Options header")
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue