Merge branch 'master' into newmc

author Marius Gavrilescu <marius@ieval.ro>

Wed, 25 Feb 2015 20:28:54 +0000 (22:28 +0200)

committer Marius Gavrilescu <marius@ieval.ro>

Wed, 25 Feb 2015 20:28:54 +0000 (22:28 +0200)
author Marius Gavrilescu <marius@ieval.ro>
Wed, 25 Feb 2015 20:28:54 +0000 (22:28 +0200)
committer Marius Gavrilescu <marius@ieval.ro>
Wed, 25 Feb 2015 20:28:54 +0000 (22:28 +0200)
diff --cc app.psgi

index 42be500aba22b608d877f8850c1e6285c67641b6,c61b8bbbb4c8c78dde09bbd09e2eecb69ebde8da..ab5ca00659d03dc56b4a76b1fa7a788d57ccfa5d
--- 1/app.psgi
--- 2/app.psgi
+++ b/app.psgi
@@@ -12,8 -12,22 +12,22 @@@ use Log::Log4perl
   use Tie::Hash::Expire;
   
   use constant AUTH_TIMEOUT => 5 * 60;
- -use constant ACCESSLOG_FORMAT => 'combined';
+ +use constant ACCESSLOG_FORMAT => '%{X-Forwarded-For}i %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"';
- use constant CONTENT_SECURITY_POLICY => q,default-src 'none'; script-src 'self' static.mindcoding.ro www.google-analytics.com; style-src 'self' static.mindcoding.ro; img-src 'self' static.mindcoding.ro www.google-analytics.com; connect-src 'self',;
+ 
+ sub CONTENT_SECURITY_POLICY () {
+       my $csp = <<CSP;
+ default-src 'none'
+ connect-src 'self'
+ form-action 'self'
+ frame-ancestors 'none'
- -img-src 'self'
++img-src 'self' https://static.mindcoding.ro https://www.google-analytics.com/collect
+ referrer origin-when-cross-origin
- -script-src 'self'
- -style-src 'self'
++script-src 'self' https://static.mindcoding.ro/js.js https://www.google-analytics.com/analytics.js
++style-src 'self' https://static.mindcoding.ro/css/
+ CSP
+       chomp $csp;
+       $csp =~ s/\n/; /gr;
+ }
   
   our $db //= Gruntmaster::Data->connect($ENV{GRUNTMASTER_DSN} // 'dbi:Pg:');
author	Marius Gavrilescu <marius@ieval.ro>
	Wed, 25 Feb 2015 20:28:54 +0000 (22:28 +0200)
committer	Marius Gavrilescu <marius@ieval.ro>
	Wed, 25 Feb 2015 20:28:54 +0000 (22:28 +0200)