From a23a79d8c601522cc9a843a3cdaca36f71d71a31 Mon Sep 17 00:00:00 2001
From: Michael Q Larson <michaelqlarson@gmail.com>
Date: Fri, 9 Jan 2015 07:53:29 -0800
Subject: [PATCH] hide public profile button if no username

---
 app.js                     | 17 +++++++++--------
 views/account/profile.jade |  3 ++-
 2 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/app.js b/app.js
index 5ee26997a2..2bbcf68abc 100644
--- a/app.js
+++ b/app.js
@@ -121,8 +121,11 @@ var trusted = [
     '*.bootstrapcdn.com',
     '*.cloudflare.com',
     'localhost:3001',
-    'localhost:3000'
-
+    'ws://localhost:3001/',
+    'http://localhost:3001',
+    'localhost:3000',
+    'ws://localhost:3000/',
+    'http://localhost:3000'
 ];
 
 debug(trusted);
@@ -134,10 +137,8 @@ app.use(helmet.contentSecurityPolicy({
       'wss://*.rafflecopter.com',
       'https://*.rafflecopter.com',
       'ws://www.freecodecamp.com',
-      'ws://localhost:3001/',
-      'http://localhost:3001',
       'http://www.freecodecamp.com'
-    ],
+    ].concat(trusted),
     styleSrc: trusted,
     imgSrc: [
       '*.evernote.com',
@@ -150,20 +151,20 @@ app.use(helmet.contentSecurityPolicy({
       'graph.facebook.com',
       '*.githubusercontent.com',
       '*.googleusercontent.com',
-      '*'
+      '*' /* allow all input since we have user submitted images for public profile*/
     ].concat(trusted),
     fontSrc: ['*.googleapis.com'].concat(trusted),
     mediaSrc: [
       '*.amazonaws.com',
       '*.twitter.com'
-    ],
+    ].concat(trusted),
     frameSrc: [
       '*.gitter.im',
       '*.vimeo.com',
       '*.twitter.com',
       '*.rafflecopter.com',
       '*.youtube.com'
-    ],
+    ].concat(trusted),
     reportOnly: false, // set to true if you only want to report errors
     setAllHeaders: false, // set to true if you want to set all headers
     safari5: false // set to true if you want to force buggy CSP in Safari 5
diff --git a/views/account/profile.jade b/views/account/profile.jade
index 46232c89b1..b51b83b9f2 100644
--- a/views/account/profile.jade
+++ b/views/account/profile.jade
@@ -224,7 +224,8 @@ block content
         .panel-heading.text-center Actions
         .panel-body
             .col-xs-12
-                a.btn.btn-lg.btn-block.btn-info.btn-link-social(href='/campers/#{user.profile.username}') Check out my Public Profile
+                if (user.profile.username)
+                    a.btn.btn-lg.btn-block.btn-info.btn-link-social(href='/campers/#{user.profile.username}') Check out my Public Profile
                 a.btn.btn-lg.btn-block.btn-primary.btn-link-social(href='/') Take me to my current challenge
                 a.btn.btn-lg.btn-block.btn-warning.btn-link-social(href='/logout') Sign out
             br