From ce73598f12cb8e5fc95800be07b0420d22c01e40 Mon Sep 17 00:00:00 2001 From: andreimarcu Date: Sun, 4 Oct 2015 22:43:42 -0400 Subject: [PATCH] Document csp flags --- README.md | 3 +++ server.go | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 96a1196..3398bb5 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,9 @@ Command-line options - ```-siteurl "http://mylinx.example.org/"``` -- the site url (for generating links) - ```-filespath files/"``` -- Path to store uploads (default is files/) - ```-metapath meta/``` -- Path to store information about uploads (default is meta/) +- ```-contentsecuritypolicy "..."``` -- Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;") +- ```-filecontentsecuritypolicy "..."``` -- Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;"") +- ```-xframeoptions "..." ``` -- X-Frame-Options header (default is "SAMEORIGIN") - ```-remoteuploads``` -- (optionally) enable remote uploads (/upload?url=https://...) - ```-fastcgi``` -- (optionally) serve through fastcgi - ```-nologs``` -- (optionally) disable request logs in stdout diff --git a/server.go b/server.go index 9992a88..312de95 100644 --- a/server.go +++ b/server.go @@ -135,13 +135,13 @@ func main() { "serve through fastcgi") flag.BoolVar(&Config.remoteUploads, "remoteuploads", false, "enable remote uploads") - flag.StringVar(&Config.contentSecurityPolicy, "contentSecurityPolicy", + flag.StringVar(&Config.contentSecurityPolicy, "contentsecuritypolicy", "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer none;", "value of default Content-Security-Policy header") - flag.StringVar(&Config.fileContentSecurityPolicy, "fileContentSecurityPolicy", + flag.StringVar(&Config.fileContentSecurityPolicy, "filecontentsecuritypolicy", "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer none;", "value of Content-Security-Policy header for file access") - flag.StringVar(&Config.xFrameOptions, "xFrameOptions", "SAMEORIGIN", + flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN", "value of X-Frame-Options header") flag.Parse()