Show warning when unsafe CSP policy is in use (#7804)

* Show warning when unsafe CSP policy is in use * Fix bare markdown URL * i18n: fr * Minor i18n: fr * Add target="_blank" to i18n strings --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
author: Inverle <inverle@proton.me> 2025-08-09 21:47:39 +0200
committer: GitHub <noreply@github.com> 2025-08-09 21:47:39 +0200
commit: 2b85a50ed72982ab0c0f9ef98c7ed1e15f21bf5f (patch)
tree: 7bb8412d5b14142a384e0da8cb6255802935d053 /app/views/helpers/javascript_vars.phtml
parent: 1030973d903c746d4fb10b863c7b9aebb5c448e1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml
index 831c67f89..a7564af67 100644
--- a/app/views/helpers/javascript_vars.phtml
+++ b/app/views/helpers/javascript_vars.phtml
@@ -7,6 +7,8 @@ $extData = Minz_ExtensionManager::callHook('js_vars', []);
 echo json_encode([
 	'context' => [
 		'anonymous' => !FreshRSS_Auth::hasAccess(),
+		'admin' => FreshRSS_Auth::hasAccess('admin'),
+		'suppress_csp_warning' => FreshRSS_Context::systemConf()->suppress_csp_warning,
 		'auto_remove_article' => !!FreshRSS_Context::isAutoRemoveAvailable(),
 		'hide_posts' => !(FreshRSS_Context::userConf()->display_posts || Minz_Request::actionName() === 'reader'),
 		'display_order' => Minz_Request::paramString('order') ?: FreshRSS_Context::userConf()->sort_order,
@@ -77,6 +79,7 @@ echo json_encode([
 		'labels_empty' => _t('gen.js.labels_empty'),
 		'favicon_size_exceeded' => _t('feedback.sub.feed.favicon.too_large', format_bytes(FreshRSS_Context::systemConf()->limits['max_favicon_upload_size'])),
 		'language' => FreshRSS_Context::userConf()->language,
+		'unsafe_csp_header' => _t('gen.js.unsafe_csp_header'),
 	],
 	'icons' => [
 		'read' => rawurlencode(_i('read')),
author	Inverle <inverle@proton.me>	2025-08-09 21:47:39 +0200
committer	GitHub <noreply@github.com>	2025-08-09 21:47:39 +0200
commit	2b85a50ed72982ab0c0f9ef98c7ed1e15f21bf5f (patch)
tree	7bb8412d5b14142a384e0da8cb6255802935d053 /app/views/helpers/javascript_vars.phtml
parent	1030973d903c746d4fb10b863c7b9aebb5c448e1 (diff)