author | Maximilian Bosch <maximilian@mbosch.me> | 2024-04-17 17:36:32 +0200 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2024-04-17 17:36:32 +0200 |
commit | 090016aa649b6b5a547557ef5c010a7fca8d7b40 (patch) | |
tree | 7f22a712afe91ee36386925effa6dc195bc6f9d4 | |
parent | 8bc628c7d96aa5cf767bad443091f39aed0cbad0 (diff) |
gitea: backport CSP patch in markdown renderer
See https://github.com/NixOS/nixpkgs/pull/304494#issuecomment-2059284122
-rw-r--r-- | pkgs/applications/version-management/gitea/csp-early-1.21.11.patch | 20 | ||||
-rw-r--r-- | pkgs/applications/version-management/gitea/default.nix | 3 |
2 files changed, 23 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch b/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch
new file mode 100644
index 0000000000000..2b479fb21cf7b
--- /dev/null
+++ b/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch
@@ -0,0 +1,20 @@
+diff --git a/routers/web/repo/render.go b/routers/web/repo/render.go
+index f07b4e8c11..1fcaa83c4f 100644
+--- a/routers/web/repo/render.go
++++ b/routers/web/repo/render.go
+@@ -44,6 +44,7 @@ func RenderFile(ctx *context.Context) {
+ isTextFile := st.IsText()
+
+ rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc))
++ ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
+
+ if markupType := markup.Type(blob.Name()); markupType == "" {
+ if isTextFile {
+@@ -62,7 +63,6 @@ func RenderFile(ctx *context.Context) {
+ treeLink += "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
+ }
+
+- ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
+ err = markup.Render(&markup.RenderContext{
+ Ctx: ctx,
+ RelativePath: ctx.Repo.TreePath,
diff --git a/pkgs/applications/version-management/gitea/default.nix b/pkgs/applications/version-management/gitea/default.nix
index 9f452d73f46ed..58f73aa4bc56a 100644
--- a/pkgs/applications/version-management/gitea/default.nix
+++ b/pkgs/applications/version-management/gitea/default.nix
@@ -39,6 +39,9 @@ buildGoModule rec {
 hash = "sha256-cThW3EnHR695thajbnmfNziVB/iBP9OPeDgWbszYIeg=";
 })
 ./XSS-vulnerabilities-1.21.6.patch
+
+ # Derived from https://github.com/go-gitea/gitea/pull/30136
+ ./csp-early-1.21.11.patch
 ];
 
 postPatch = '' |
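Review bot: The relocated `ctx.Resp.Header().Add("Content-Security-Policy", ...)` call in the first render.go hunk carries no comment explaining why it must sit above the `markupType == ""` branch, so a later refactor could move it back down and silently lose the header on that path again. Headers added after the first write to an `http.ResponseWriter` are not sent, and the branch that follows presumably writes the blob to `ctx.Resp` and returns; its body is outside the hunk, as are the start and end of RenderFile. I would add `// Set the CSP before any branch writes to ctx.Resp; headers added after the first write are ignored.` directly above the call. A regression test that requests a non-markup text file and asserts the header is present would pin the ordering.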
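Review bot: The comment on the new `./csp-early-1.21.11.patch` entry says only that the patch is "Derived from" the upstream pull request, which does not tell the next reviewer what the in-tree copy mitigates or how it differs from upstream. For a locally carried security backport I would state both, for example `# Sends the CSP header before RenderFile's early return; derived from https://github.com/go-gitea/gitea/pull/30136, context adapted to 1.21.11`. That the difference is only adapted context is my reading of the filename and should be confirmed by the author.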