(quickfix) loosening CSP

pull/821/head
Rigel Kent 2018-07-17 16:36:07 +02:00
parent 62945f067b
commit aa1c3d929f
No known key found for this signature in database
GPG Key ID: EA12971B0E438F36
1 changed files with 16 additions and 3 deletions


@ -59,12 +59,13 @@ app.use(helmet({
}, },
contentSecurityPolicy: { contentSecurityPolicy: {
directives: { directives: {
fontSrc: ["'self'"], defaultSrc: ['*', 'data:', 'wss:', 'https:'],
fontSrc: ["'self'", 'data:'],
frameSrc: ["'none'"], frameSrc: ["'none'"],
mediaSrc: ['*', 'https:'], mediaSrc: ['*', 'https:'],
objectSrc: ["'none'"], objectSrc: ["'none'"],
scriptSrc: ["'self'"], scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
styleSrc: ["'self'"], styleSrc: ["'self'", "'unsafe-inline'"],
upgradeInsecureRequests: true upgradeInsecureRequests: true
}, },
browserSniff: false // assumes a modern browser, but allows CDN in front browserSniff: false // assumes a modern browser, but allows CDN in front
@ -73,6 +74,18 @@ app.use(helmet({
policy: 'strict-origin-when-cross-origin' policy: 'strict-origin-when-cross-origin'
} }
})) }))
app.use((_, res, next) => {
[
"vibrate 'none'",
"geolocation 'none'",
"camera 'none'",
"microphone 'none'",
"magnetometer 'none'",
"payment 'none'",
"accelerometer 'none'"
].forEach(e => res.append('Feature-Policy', e + ';'))
next()
})
// ----------- Database ----------- // ----------- Database -----------
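Review bot: `scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"]` in the first hunk removes most of the protection script-src gives against injected scripts, and `defaultSrc: ['*', 'data:', 'wss:', 'https:']` makes every directive not listed here (connect-src, img-src and so on) fall back to any origin; styleSrc gets the same `'unsafe-inline'` treatment. Because the commit title calls this a quickfix, the hunk should at least carry a comment stating why the loosening is needed and what is meant to replace it, e.g. `// TODO: quickfix — 'unsafe-inline'/'unsafe-eval' and the wildcard defaultSrc should be replaced by nonce- or hash-based allowances once the assets that need them are identified`. Without such a note the next reader cannot tell whether the wildcards are intentional or leftovers. The helmet configuration object these directives belong to starts before the hunk.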