mirror of https://github.com/Chocobozzz/PeerTube
Fix CSP
parent
b54431049b
commit
57bf30a984
|
@ -27,7 +27,7 @@ import { checkMissedConfig, checkFFmpeg, checkConfig, checkActivityPubUrls } fro
|
||||||
|
|
||||||
// Do not use barrels because we don't want to load all modules here (we need to initialize database first)
|
// Do not use barrels because we don't want to load all modules here (we need to initialize database first)
|
||||||
import { logger } from './server/helpers/logger'
|
import { logger } from './server/helpers/logger'
|
||||||
import { API_VERSION, CONFIG, STATIC_PATHS, CACHE } from './server/initializers/constants'
|
import { API_VERSION, CONFIG, STATIC_PATHS, CACHE, REMOTE_SCHEME } from './server/initializers/constants'
|
||||||
|
|
||||||
const missed = checkMissedConfig()
|
const missed = checkMissedConfig()
|
||||||
if (missed.length !== 0) {
|
if (missed.length !== 0) {
|
||||||
|
@ -59,14 +59,14 @@ app.use(helmet({
|
||||||
},
|
},
|
||||||
contentSecurityPolicy: {
|
contentSecurityPolicy: {
|
||||||
directives: {
|
directives: {
|
||||||
defaultSrc: ['*', 'data:', 'wss:', 'https:'],
|
defaultSrc: ['*', 'data:', REMOTE_SCHEME.WS + ':', REMOTE_SCHEME.HTTP + ':'],
|
||||||
fontSrc: ["'self'", 'data:'],
|
fontSrc: ["'self'", 'data:'],
|
||||||
frameSrc: ["'none'"],
|
frameSrc: ["'none'"],
|
||||||
mediaSrc: ['*', 'https:'],
|
mediaSrc: ['*', REMOTE_SCHEME.HTTP + ':'],
|
||||||
objectSrc: ["'none'"],
|
objectSrc: ["'none'"],
|
||||||
scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
|
scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
|
||||||
styleSrc: ["'self'", "'unsafe-inline'"],
|
styleSrc: ["'self'", "'unsafe-inline'"],
|
||||||
upgradeInsecureRequests: true
|
upgradeInsecureRequests: false
|
||||||
},
|
},
|
||||||
browserSniff: false // assumes a modern browser, but allows CDN in front
|
browserSniff: false // assumes a modern browser, but allows CDN in front
|
||||||
},
|
},
|
||||||
|
|
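Review bot: `upgradeInsecureRequests: false` in the second hunk switches the directive off for every deployment, so instances served over TLS also lose the browser-side upgrade of stray `http:` subresource references. The same hunk already derives the allowed schemes from `REMOTE_SCHEME`, so the flag could follow it, e.g. `upgradeInsecureRequests: REMOTE_SCHEME.HTTP === 'https'`. That assumes the constant holds the bare scheme name, which should be confirmed against its definition in `./server/initializers/constants`. A one-line comment above `directives`, such as `// CSP schemes follow the configured webserver scheme so plain-HTTP instances keep working`, would record why the policy varies. The `helmet({` call begins and ends outside the hunk, so the rest of the header configuration is not visible here.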