aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2023-02-27 09:22:59 +0100
committerChocobozzz <me@florianbigard.com>2023-02-27 09:22:59 +0100
commit4765348107ddd21cd2a0b86093859aa2e23ac0f1 (patch)
treec5989241291fbe8c3e2dfd4a3f7dc93c190602dc
parent357308ce22e235428ee5c48aaca9308ed194c01a (diff)
downloadPeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.tar.gz
PeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.tar.zst
PeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.zip
Add x-powered-by header
-rw-r--r--config/default.yaml5
-rw-r--r--config/production.yaml.example5
-rw-r--r--server.ts5
-rw-r--r--server/initializers/checker-before-init.ts2
-rw-r--r--server/initializers/config.ts3
-rw-r--r--server/tests/api/server/config.ts9
6 files changed, 24 insertions, 5 deletions
diff --git a/config/default.yaml b/config/default.yaml
index d2bfae2aa..7ce345e2d 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -288,6 +288,11 @@ security:
288 frameguard: 288 frameguard:
289 enabled: true 289 enabled: true
290 290
291 # Set x-powered-by HTTP header to "PeerTube"
292 # Can help remote software to know this is a PeerTube instance
293 powered_by_header:
294 enabled: true
295
291tracker: 296tracker:
292 # If you disable the tracker, you disable the P2P on your PeerTube instance 297 # If you disable the tracker, you disable the P2P on your PeerTube instance
293 enabled: true 298 enabled: true
diff --git a/config/production.yaml.example b/config/production.yaml.example
index 0c942c5ec..877d77e01 100644
--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -286,6 +286,11 @@ security:
286 frameguard: 286 frameguard:
287 enabled: true 287 enabled: true
288 288
289 # Set x-powered-by HTTP header to "PeerTube"
290 # Can help remote software to know this is a PeerTube instance
291 powered_by_header:
292 enabled: true
293
289tracker: 294tracker:
290 # If you disable the tracker, you disable the P2P on your PeerTube instance 295 # If you disable the tracker, you disable the P2P on your PeerTube instance
291 enabled: true 296 enabled: true
diff --git a/server.ts b/server.ts
index d1ac2d092..7bab18b0c 100644
--- a/server.ts
+++ b/server.ts
@@ -56,8 +56,13 @@ try {
56app.set('trust proxy', CONFIG.TRUST_PROXY) 56app.set('trust proxy', CONFIG.TRUST_PROXY)
57 57
58app.use((_req, res, next) => { 58app.use((_req, res, next) => {
59 // OpenTelemetry
59 res.locals.requestStart = Date.now() 60 res.locals.requestStart = Date.now()
60 61
62 if (CONFIG.SECURITY.POWERED_BY_HEADER.ENABLED === true) {
63 res.setHeader('x-powered-by', 'PeerTube')
64 }
65
61 return next() 66 return next()
62}) 67})
63 68
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index 8b4d49180..74fed251c 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -26,7 +26,7 @@ function checkMissedConfig () {
26 'user.video_quota', 'user.video_quota_daily', 26 'user.video_quota', 'user.video_quota_daily',
27 'video_channels.max_per_user', 27 'video_channels.max_per_user',
28 'csp.enabled', 'csp.report_only', 'csp.report_uri', 28 'csp.enabled', 'csp.report_only', 'csp.report_uri',
29 'security.frameguard.enabled', 29 'security.frameguard.enabled', 'security.powered_by_header.enabled',
30 'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled', 30 'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled',
31 'signup.enabled', 'signup.limit', 'signup.requires_approval', 'signup.requires_email_verification', 'signup.minimum_age', 31 'signup.enabled', 'signup.limit', 'signup.requires_approval', 'signup.requires_email_verification', 'signup.minimum_age',
32 'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist', 32 'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index 9685e7bfc..7ad258f7a 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -236,6 +236,9 @@ const CONFIG = {
236 SECURITY: { 236 SECURITY: {
237 FRAMEGUARD: { 237 FRAMEGUARD: {
238 ENABLED: config.get<boolean>('security.frameguard.enabled') 238 ENABLED: config.get<boolean>('security.frameguard.enabled')
239 },
240 POWERED_BY_HEADER: {
241 ENABLED: config.get<boolean>('security.powered_by_header.enabled')
239 } 242 }
240 }, 243 },
241 TRACKER: { 244 TRACKER: {
diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts
index b91519660..de7c2f6e2 100644
--- a/server/tests/api/server/config.ts
+++ b/server/tests/api/server/config.ts
@@ -561,15 +561,13 @@ describe('Test config', function () {
561 }) 561 })
562 562
563 it('Should remove the custom configuration', async function () { 563 it('Should remove the custom configuration', async function () {
564 this.timeout(10000)
565
566 await server.config.deleteCustomConfig() 564 await server.config.deleteCustomConfig()
567 565
568 const data = await server.config.getCustomConfig() 566 const data = await server.config.getCustomConfig()
569 checkInitialConfig(server, data) 567 checkInitialConfig(server, data)
570 }) 568 })
571 569
572 it('Should enable frameguard', async function () { 570 it('Should enable/disable security headers', async function () {
573 this.timeout(25000) 571 this.timeout(25000)
574 572
575 { 573 {
@@ -580,13 +578,15 @@ describe('Test config', function () {
580 }) 578 })
581 579
582 expect(res.headers['x-frame-options']).to.exist 580 expect(res.headers['x-frame-options']).to.exist
581 expect(res.headers['x-powered-by']).to.equal('PeerTube')
583 } 582 }
584 583
585 await killallServers([ server ]) 584 await killallServers([ server ])
586 585
587 const config = { 586 const config = {
588 security: { 587 security: {
589 frameguard: { enabled: false } 588 frameguard: { enabled: false },
589 powered_by_header: { enabled: false }
590 } 590 }
591 } 591 }
592 await server.run(config) 592 await server.run(config)
@@ -599,6 +599,7 @@ describe('Test config', function () {
599 }) 599 })
600 600
601 expect(res.headers['x-frame-options']).to.not.exist 601 expect(res.headers['x-frame-options']).to.not.exist
602 expect(res.headers['x-powered-by']).to.not.exist
602 } 603 }
603 }) 604 })
604 605