Load demo page libs via CDN with subresource integrity

This commit is contained in:
Tankred Hase 2016-06-14 20:19:56 +02:00
parent af086e705d
commit f33f45dde9
3 changed files with 6 additions and 6 deletions

View File

@ -75,7 +75,7 @@ app.use(function *(next) {
this.set('Public-Key-Pins', 'pin-sha256="' + config.server.httpsKeyPin + '"; pin-sha256="' + config.server.httpsKeyPinBackup + '"; max-age=16070400');
}
// CSP
this.set('Content-Security-Policy', "default-src 'self'; object-src 'none'");
this.set('Content-Security-Policy', "default-src 'self'; object-src 'none'; script-src 'self' code.jquery.com; style-src 'self' maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com");
// Prevent rendering website in foreign iframe (Clickjacking)
this.set('X-Frame-Options', 'DENY');
// CORS

View File

@ -8,8 +8,8 @@
<title>Mailvelope Key Server</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/jumbotron-narrow.css" rel="stylesheet">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<link rel="stylesheet" href="css/jumbotron-narrow.css">
</head>
<body>
@ -94,7 +94,7 @@
</div> <!-- /container -->
<script src="js/jquery.min.js"></script>
<script src="https://code.jquery.com/jquery-3.0.0.min.js" integrity="sha256-JmvOoLtYsmqlsWxa7mDSLMwa6dZ9rrIdtrrVYRnDRH0=" crossorigin="anonymous"></script>
<script src="js/demo.js"></script>
</body>

View File

@ -8,8 +8,8 @@
<title>Mailvelope Key Server</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/jumbotron-narrow.css" rel="stylesheet">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
<link rel="stylesheet" href="css/jumbotron-narrow.css">
</head>
<body>