Merge pull request #1773 from TheGoddessInari/tighten_security

Don't allow insecure content.
7 years ago · 26dbe266e7
10 changed files with 19 additions and 21 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -38,10 +38,10 @@ Working on your first Pull Request? You can learn how from this *free* series [H
 ### Prerequisites

 | Prerequisite                                                  | Version |
-| ------------------------------------------------------------- | ----------- |
+| ------------------------------------------------------------- | ------- |
 | [Sencha](https://www.sencha.com/products/extjs/cmd-download/) | `=6.1.2.15`  |
 | [Ruby](https://www.ruby-lang.org/en/downloads/)               | `=2.3` |
-| [Node.js](http://nodejs.org)                                  | `~ ^4.0.0`  |
+| [Node.js](https://nodejs.org)                                 | `~ ^4.0.0`  |
 | npm (comes with Node)                                         | `~ ^3.8.7`  |

 > _Updating to the latest releases is recommended_.
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 <div align="center">
  <h1>
    <br />
-    <a href="http://rambox.pro"><img src="./resources/Icon.png" width="256px" alt="Rambox" /></a><br />
+    <a href="https://rambox.pro"><img src="./resources/Icon.png" width="256px" alt="Rambox" /></a><br />
    Rambox
    <br /><br/>
  </h1>
@ -26,9 +26,9 @@

  <h5>Available for Windows, Mac and Linux.</h5>

-  <h5><a href="http://rambox.pro/#download" target="_blank"><img src="https://cdn.rawgit.com/saenzramiro/rambox/gh-pages/images/img-download.svg" width="250" alt="DOWNLOAD HERE" /></a></h5>
+  <h5><a href="https://rambox.pro/#download" target="_blank"><img src="https://cdn.rawgit.com/saenzramiro/rambox/gh-pages/images/img-download.svg" width="250" alt="DOWNLOAD HERE" /></a></h5>

-  <h6>Logo designed by <a href="http://andyur.com/" target="_blank">Andriy Yurchenko</a></h6>
+  <h6>Logo designed by <a href="https://www.linkedin.com/in/andriyyurchenko/" target="_blank">Andriy Yurchenko</a></h6>
 </div>

 ---
--- a/app/Application.js
+++ b/app/Application.js
@ -229,7 +229,7 @@ Ext.define('Rambox.Application', {
 	,checkUpdate: function(silence) {
 		console.info('Checking for updates...');
 		Ext.Ajax.request({
-			 url: 'http://rambox.pro/api/latestversion.json'
+			 url: 'https://rambox.pro/api/latestversion.json'
 			,method: 'GET'
 			,success: function(response) {
 				var json = Ext.decode(response.responseText);
--- a/app/package.json
+++ b/app/package.json
@ -12,7 +12,7 @@
 	"bugs": {
 		"url": "https://github.com/saenzramiro/rambox/issues"
 	},
-	"homepage": "http://rambox.pro",
+	"homepage": "https://rambox.pro",
 	"keywords": [
 		"Rambox",
 		"messaging",
--- a/app/store/ServicesList.js
+++ b/app/store/ServicesList.js
@ -125,7 +125,7 @@ Ext.define('Rambox.store.ServicesList', {
 			,logo: 'inbox.png'
 			,name: 'Inbox'
 			,description: locale['services[10]']
-			,url: 'http://inbox.google.com/?cid=imp'
+			,url: 'https://inbox.google.com/?cid=imp'
 			,type: 'email'
 			,manual_notifications: true
 			,js_unread: 'function checkUnread(){updateBadge(document.getElementsByClassName("ss").length)}function updateBadge(a){a>=1?document.title="("+a+") "+originalTitle:document.title=originalTitle}var originalTitle=document.title;setInterval(checkUnread,3e3);'
@ -876,7 +876,7 @@ Ext.define('Rambox.store.ServicesList', {
 			,logo: 'mailru.png'
 			,name: 'Mail.Ru'
 			,description: 'Free voice and video calls, ICQ support, Odnoklassniki, VKontakte, Facebook, online games, free SMS.'
-			,url: 'http://webagent.mail.ru/webim/agent/popup.html'
+			,url: 'https://webagent.mail.ru/webim/agent/popup.html'
 			,type: 'email'
 		},
 		{
--- a/app/ux/WebView.js
+++ b/app/ux/WebView.js
@ -174,7 +174,7 @@ Ext.define('Rambox.ux.WebView',{
 					,plugins: 'true'
 					,allowtransparency: 'on'
 					,autosize: 'on'
-					,webpreferences: 'allowRunningInsecureContent=yes' //,nativeWindowOpen=yes
+					,webpreferences: '' //,nativeWindowOpen=yes
 					//,disablewebsecurity: 'on' // Disabled because some services (Like Google Drive) dont work with this enabled
 					,useragent: Ext.getStore('ServicesList').getById(me.record.get('type')).get('userAgent')
 					,preload: './resources/js/rambox-service-api.js'
--- a/app/view/add/Add.js
+++ b/app/view/add/Add.js
@ -65,7 +65,7 @@ Ext.define('Rambox.view.add.Add',{
 								,readOnly: me.edit ? (me.service.get('custom_domain') && me.service.get('url') === me.record.get('url') ? true : me.service.get('url').indexOf('___') === -1 && !me.service.get('custom_domain')) : me.record.get('url').indexOf('___') === -1 && me.record.get('custom_domain')
 								,allowBlank: false
 								,submitEmptyText: false
-								,emptyText: me.record.get('url') === '___' ? 'http://' : ''
+								,emptyText: me.record.get('url') === '___' ? 'https://' : ''
 								,vtype: me.record.get('url') === '___' ? 'url' : ''
 								,listeners: { specialkey: 'onEnter' }
 								,flex: 1
@ -97,7 +97,7 @@ Ext.define('Rambox.view.add.Add',{
 								}
 								,changeHandler: function(cycleBtn, activeItem) {
 									Ext.apply(cycleBtn.previousSibling(), {
-										 emptyText: activeItem.custom ? 'http://' : ' '
+										 emptyText: activeItem.custom ? 'https://' : ' '
 										,vtype: activeItem.custom ? 'url' : ''
 									});
 									cycleBtn.previousSibling().applyEmptyText();
@ -127,7 +127,7 @@ Ext.define('Rambox.view.add.Add',{
 					,{
 						 xtype: 'textfield'
 						,fieldLabel: locale['app.window[18]']
-						,emptyText: 'http://url.com/image.png'
+						,emptyText: 'https://url.com/image.png'
 						,name: 'logo'
 						,vtype: me.record.get('type') === 'custom' ? 'url' : ''
 						,value: me.record.get('type') === 'custom' ? (me.edit ? me.record.get('logo') : '') : me.record.get('logo')
--- a/app/view/main/Main.js
+++ b/app/view/main/Main.js
@ -313,7 +313,7 @@ Ext.define('Rambox.view.main.Main', {
 						 text: locale['app.main[22]']
 						,icon: 'resources/auth0.png'
 						,id: 'loginBtn'
-						,tooltip: locale['app.main[23]']+'<br /><br /><i>'+locale['app.main[24]']+' Auth0 (http://auth0.com)</i>'
+						,tooltip: locale['app.main[23]']+'<br /><br /><i>'+locale['app.main[24]']+' Auth0 (https://auth0.com)</i>'
 						,bind: {
 							hidden: '{username}'
 						}
--- a/electron/main.js
+++ b/electron/main.js
@ -157,9 +157,7 @@ function createWindow () {
 		,show: !config.get('start_minimized')
 		,acceptFirstMouse: true
 		,webPreferences: {
-			 webSecurity: false
-			,nodeIntegration: true
-			,plugins: true
+			plugins: true
 			,partition: 'persist:rambox'
 		}
 	});
--- a/electron/menu.js
+++ b/electron/menu.js
@ -22,7 +22,7 @@ module.exports = function(config) {
 		{
 			label: `&`+locale['menu.help[0]'],
 			click() {
-				shell.openExternal('http://rambox.pro');
+				shell.openExternal('https://rambox.pro');
 			}
 		},
 		{