// FIXME: https://github.com/nodejs/node/pull/16853
+import { VideosCaptionCache } from './server/lib/cache/videos-caption-cache'
+
require('tls').DEFAULT_ECDH_CURVE = 'auto'
import { isTestInstance } from './server/helpers/core-utils'
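Review bot: The new `VideosCaptionCache` import sits between the `// FIXME` comment and the `require('tls').DEFAULT_ECDH_CURVE = 'auto'` line that comment annotates, so the FIXME now appears to describe the import. When this file is compiled to CommonJS, imports are emitted in source order, so the cache module and whatever it imports would also load before the TLS default is set. The file's own comment says barrels are avoided because the database must be initialized first; if the cache module imports models (not visible here), loading it at the very top works against that. I would move the import below the `tls` line, next to the other cache import further down the file.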
import * as morgan from 'morgan'
import * as cors from 'cors'
import * as cookieParser from 'cookie-parser'
+import * as helmet from 'helmet'
process.title = 'peertube'
// Do not use barrels because we don't want to load all modules here (we need to initialize database first)
import { logger } from './server/helpers/logger'
-import { API_VERSION, CONFIG, STATIC_PATHS } from './server/initializers/constants'
+import { API_VERSION, CONFIG, STATIC_PATHS, CACHE } from './server/initializers/constants'
const missed = checkMissedConfig()
if (missed.length !== 0) {
// Trust our proxy (IP forwarding...)
app.set('trust proxy', CONFIG.TRUST_PROXY)
+// Security middlewares
+app.use(helmet({
+ frameguard: {
+ action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
+ },
+ dnsPrefetchControl: {
+ allow: true
+ },
+ contentSecurityPolicy: {
+ directives: {
+ fontSrc: ["'self'"],
+ frameSrc: ["'none'"],
+ mediaSrc: ['*', 'https:'],
+ objectSrc: ["'none'"],
+ scriptSrc: ["'self'"],
+ styleSrc: ["'self'"],
+ upgradeInsecureRequests: true
+ },
+ browserSniff: false // assumes a modern browser, but allows CDN in front
+ },
+ referrerPolicy: {
+ policy: 'strict-origin-when-cross-origin'
+ }
+}))
+
// ----------- Database -----------
// Initialize database and models
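Review bot: The `contentSecurityPolicy.directives` block has no `defaultSrc`, so every fetch directive it does not list (`connect-src`, `img-src`, `worker-src`, `child-src`) stays unrestricted. `base-uri` and `form-action` never fall back to a default, so they are open too. I would add an explicit fallback such as `defaultSrc: ["'self'"]` together with the `imgSrc`/`connectSrc` entries the client actually needs, plus `baseUri: ["'self'"]`. In `mediaSrc: ['*', 'https:']` the `https:` entry is redundant because `*` already admits it; if only HTTPS media is intended, drop the `*`. `frameSrc: ["'none'"]` limits what these pages may embed, not who may frame them, so the `/videos/embed` exemption mentioned in the `frameguard` comment depends entirely on `server/controllers/client.ts` removing `X-Frame-Options`, which is outside this hunk and worth a test.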
await JobQueue.Instance.init()
// Caches initializations
- VideosPreviewCache.Instance.init(CONFIG.CACHE.PREVIEWS.SIZE)
+ VideosPreviewCache.Instance.init(CONFIG.CACHE.PREVIEWS.SIZE, CACHE.PREVIEWS.MAX_AGE)
+ VideosCaptionCache.Instance.init(CONFIG.CACHE.VIDEO_CAPTIONS.SIZE, CACHE.VIDEO_CAPTIONS.MAX_AGE)
// Enable Schedulers
BadActorFollowScheduler.Instance.enable()