mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
27eae209fd
* rename dir * no need to install website or docs from npm At some point, would also be nice to be able to exclude assets/ as well, and to only install a pre-built version of Fleet's frontend code * Bring in fleetdm.com website From https://github.com/fleetdm/fleetdm.com as of https://github.com/fleetdm/fleetdm.com/releases/tag/v0.0.21 * add procfile for heroku Using https://github.com/timanovsky/subdir-heroku-buildpack * avoid getting anybody's hopes up * Create deploy-fleet-website.yml (#82) * Create deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * update pjs with SPDX-like license expressions. also fix repo URL and remove package lock * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * remove dummy uri * Dissect deploy script * Update deploy-fleet-website.yml * workaround for eslintrc nesting issue * lint fixes * forgot the .js * add per-commit git config * Update deploy-fleet-website.yml * might as well remove that * cleanup * connect w/ heroku app and have it actually push * fix bug I introduced in 578a1a01ffb8404aae869e05005e30a6ba2b2a95 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * the beauty, the glory, of javascript * GH actions don't like "\n" * Update deploy-fleet-website.yml * restore \n chars from 0d45e568f693efba7d7072085bc98d72a482d9ae hoping I was wrong in 0d45e568f693efba7d7072085bc98d72a482d9ae but see also https://github.community/t/what-is-the-correct-character-escaping-for-workflow-command-values-e-g-echo-xxxx/118465/5 * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * Update deploy-fleet-website.yml * rename script to prevent duplicate building * Configure the real website * clean up * a test of the deploy workflow * add handbook to npmignore * I guess you could call this fixing a typo * point workflow at master branch * now clearly bogus: this completely unused version string
50 lines
2.1 KiB
JavaScript
Vendored
50 lines
2.1 KiB
JavaScript
Vendored
/**
|
|
* Security Settings
|
|
* (sails.config.security)
|
|
*
|
|
* These settings affect aspects of your app's security, such
|
|
* as how it deals with cross-origin requests (CORS) and which
|
|
* routes require a CSRF token to be included with the request.
|
|
*
|
|
* For an overview of how Sails handles security, see:
|
|
* https://sailsjs.com/documentation/concepts/security
|
|
*
|
|
* For additional options and more information, see:
|
|
* https://sailsjs.com/config/security
|
|
*/
|
|
|
|
module.exports.security = {
|
|
|
|
/***************************************************************************
|
|
* *
|
|
* CORS is like a more modern version of JSONP-- it allows your application *
|
|
* to circumvent browsers' same-origin policy, so that the responses from *
|
|
* your Sails app hosted on one domain (e.g. example.com) can be received *
|
|
* in the client-side JavaScript code from a page you trust hosted on _some *
|
|
* other_ domain (e.g. trustedsite.net). *
|
|
* *
|
|
* For additional options and more information, see: *
|
|
* https://sailsjs.com/docs/concepts/security/cors *
|
|
* *
|
|
***************************************************************************/
|
|
|
|
// cors: {
|
|
// allRoutes: false,
|
|
// allowOrigins: '*',
|
|
// allowCredentials: false,
|
|
// },
|
|
|
|
|
|
/****************************************************************************
|
|
* *
|
|
* CSRF protection should be enabled for this application. *
|
|
* *
|
|
* For more information, see: *
|
|
* https://sailsjs.com/docs/concepts/security/csrf *
|
|
* *
|
|
****************************************************************************/
|
|
|
|
csrf: true
|
|
|
|
};
|