avoid csp for semrush

This commit is contained in:
Azareal 2020-03-18 19:45:36 +10:00
parent b66a494f1c
commit 7d25937352
1 changed files with 8 additions and 5 deletions

View File

@ -99,8 +99,8 @@ func renderTemplate2(tmplName, hookName string, w http.ResponseWriter, r *http.R
return nil return nil
} }
func FootHeaders(w http.ResponseWriter, header *c.Header) { func FootHeaders(w http.ResponseWriter, h *c.Header) {
if !header.LooseCSP { if !h.LooseCSP {
if c.Config.SslSchema { if c.Config.SslSchema {
w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; frame-src 'self' www.youtube-nocookie.com;upgrade-insecure-requests") w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; frame-src 'self' www.youtube-nocookie.com;upgrade-insecure-requests")
} else { } else {
@ -109,16 +109,17 @@ func FootHeaders(w http.ResponseWriter, header *c.Header) {
} }
// Server pushes can backfire on certain browsers, so we want to make sure it's only triggered for ones where it'll help // Server pushes can backfire on certain browsers, so we want to make sure it's only triggered for ones where it'll help
lastAgent := header.CurrentUser.LastAgent lastAgent := h.CurrentUser.LastAgent
//fmt.Println("lastAgent:", lastAgent) //fmt.Println("lastAgent:", lastAgent)
if lastAgent == c.Chrome || lastAgent == c.Firefox { if lastAgent == c.Chrome || lastAgent == c.Firefox {
doPush(w, header) doPush(w, h)
} }
} }
func renderTemplate3(tmplName, hookName string, w http.ResponseWriter, r *http.Request, h *c.Header, pi interface{}) error { func renderTemplate3(tmplName, hookName string, w http.ResponseWriter, r *http.Request, h *c.Header, pi interface{}) error {
s := h.Stylesheets s := h.Stylesheets
h.Stylesheets = nil h.Stylesheets = nil
jsEnable := h.CurrentUser.LastAgent != c.Semrush
if r.FormValue("i") != "1" && h.CurrentUser.LastAgent != c.Semrush { if r.FormValue("i") != "1" && h.CurrentUser.LastAgent != c.Semrush {
c.PrepResources(h.CurrentUser, h, h.Theme) c.PrepResources(h.CurrentUser, h, h.Theme)
for _, ss := range s { for _, ss := range s {
@ -138,7 +139,9 @@ func renderTemplate3(tmplName, hookName string, w http.ResponseWriter, r *http.R
h.OGDesc = h.MetaDesc h.OGDesc = h.MetaDesc
} }
FootHeaders(w, h) if jsEnable {
FootHeaders(w, h)
}
if h.Zone != "error" { if h.Zone != "error" {
since := time.Duration(uutils.Nanotime() - h.StartedAt) since := time.Duration(uutils.Nanotime() - h.StartedAt)
if h.CurrentUser.IsAdmin { if h.CurrentUser.IsAdmin {