Unverified Commit b814ed81 authored by Maarten de Waard's avatar Maarten de Waard 🤘🏻

remove inline javascript and style, set language cookie on every page load

parent ba34041e
Header set Strict-Transport-Security "max-age=63072000"
Header set X-Frame-Options "DENY"
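Review bot: `Header set` without a condition only attaches these headers to successful responses, so error pages and redirects generated by Apache itself would go out without HSTS and X-Frame-Options. Writing `Header always set Strict-Transport-Security "max-age=63072000"` and `Header always set X-Frame-Options "DENY"` covers those responses as well. Both directives depend on mod_headers being loaded and on an AllowOverride setting that permits them in .htaccess, which the page does not show, so it is worth confirming with a response-header check after the first deployment.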
......@@ -12,6 +12,9 @@ mkdir -p ~/.ssh
apt-get update
apt-get install -y rsync
# Copy .htaccess into build folder.
cp .htaccess build/
# Upload site.
rsync -r --verbose --compress --delete --exclude js-components ./build/ \
"${FTP_USER}@ftp.greenhost.nl:${DOMAIN_NAME}/${SUBDOMAIN}"
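Review bot: Nothing visible in this hunk stops the upload if the new `cp .htaccess build/` step fails, and that copy now appears to be what delivers the site's HSTS and X-Frame-Options headers. Unless the script runs under `set -e` (its top is outside this hunk), a missing or unreadable file would still reach the `rsync --delete` line and publish the site without those headers. Making the dependency explicit, for example `cp .htaccess build/ || exit 1`, keeps such a build from being deployed.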
......@@ -64,17 +64,23 @@
this.setAttribute("rel", "noreferrer noopener");
}
});
});
document.setLangCookie = function(lang) {
var expiryDate = new Date();
expiryDate = expiryDate.setMonth(expiryDate.getMonth() + 12);
var domain = window.location.hostname;
var cookieParams = "domain=." + domain + ";path=/;SameSite=Strict;";
if (window.location.protocol == "https") {
cookieParams += "secure=true;";
}
document.cookie = "openedx-language-preference=" + lang + ";expires=" + expiryDate + ";" + cookieParams;
};
var setLangCookie = function(lang) {
var expiryDate = new Date();
expiryDate = expiryDate.setMonth(expiryDate.getMonth() + 12);
var domain = window.location.hostname;
var cookieParams = "domain=." + domain + ";path=/;SameSite=Strict;";
if (window.location.protocol == "https") {
cookieParams += "secure=true;";
}
document.cookie = "openedx-language-preference=" + lang + ";expires=" + expiryDate + ";" + cookieParams;
};
// Get locale from current path
var locale = window.location.pathname.split('/')[1];
// If the locale string is empty or ends with .html, we're on an English page
if (locale == "" || locale.endsWith(".html")) {
locale = "en";
}
setLangCookie(locale);
});
})(jQuery, window, document);
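Review bot: The `Secure` attribute is never added in `setLangCookie`, because `window.location.protocol` includes the trailing colon and the comparison with `"https"` is always false; the check should read `if (window.location.protocol === "https:")`. The expiry is broken as well: `setMonth()` returns a millisecond timestamp, so `expires=` receives a number instead of a date string and the browser will most likely store a session cookie. Call `expiryDate.setMonth(expiryDate.getMonth() + 12);` without reassigning and write `expiryDate.toUTCString()` into the cookie string. Since `locale` is now taken from the first path segment on every page load, it should be accepted only if it matches one of the site's configured locales and fall back to `"en"` otherwise, so that arbitrary path text never ends up in the cookie string. The enclosing function starts outside the hunk.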
......@@ -4,9 +4,7 @@
<meta charset="utf-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta http-equiv="Strict-Transport-Security" content="max-age=63072000">
<meta http-equiv="X-Content-Type-Options" content="nosniff">
<meta http-equiv="X-Frame-Options" content="DENY">
<meta http-equiv="X-XSS-Protection" content="1; mode=block">
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com; img-src 'self' learn.totem-project.org;">
<meta name="viewport"
......
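Review bot: The `X-Content-Type-Options` and `X-XSS-Protection` meta tags that appear to remain in this head have no effect, because browsers honour those policies only as real HTTP response headers and ignore them in `http-equiv`. Now that HSTS and X-Frame-Options are sent from .htaccess, nosniff should move there too, e.g. `Header always set X-Content-Type-Options "nosniff"`, and the two meta tags can be dropped. The Content-Security-Policy meta tag does work, but directives such as `frame-ancestors` and reporting are ignored in meta form, so serving the policy as a header would be the more complete option. The rendered page does not mark which lines were removed, so which tags survive is inferred from the hunk's line counts.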
......@@ -3,7 +3,7 @@
<div class="container">
<div class="row">
<div class="col-md-4">
<span class="copyright"><a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img alt="Creative Commons License" style="border-width:0" src="/img/cc-by-sa.png" /></a></span>
<span class="copyright"><a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"><img alt="Creative Commons License" src="/img/cc-by-sa.png" /></a></span>
</div>
<div class="col-md-8">
<ul class="list-inline quicklinks">
......
......@@ -35,7 +35,7 @@ end
<ul class="dropdown-menu" aria-labelledby="dropdownMenuButton">
<% I18n.available_locales.select{|l| l != ::I18n.locale}.each do |loc| %>
<li class="dropdown-item">
<%= link_to(config[:locales][loc][:name], "/index.html", :locale => loc, :class => "nav-link", :onclick => "setLangCookie('#{loc}')") %>
<%= link_to(config[:locales][loc][:name], "/index.html", :locale => loc, :class => "nav-link") %>
</li>
<% end %>
</ul>
......