diff options
| author | Rigel Kent <sendmemail@rigelk.eu> | 2018-07-17 11:37:25 +0200 |
|---|---|---|
| committer | Rigel Kent <par@rigelk.eu> | 2018-07-17 12:03:31 +0200 |
| commit | 4bdd9473fdecfa7e309e3c59b05b29d0a20ac397 (patch) | |
| tree | 4766ca460b4e5346d322f96cecee1f05ae32bfc7 /server.ts | |
| parent | d00e2393d4269c0b4e280753e5f82ac06bd218c6 (diff) | |
| download | PeerTube-4bdd9473fdecfa7e309e3c59b05b29d0a20ac397.tar.gz PeerTube-4bdd9473fdecfa7e309e3c59b05b29d0a20ac397.tar.zst PeerTube-4bdd9473fdecfa7e309e3c59b05b29d0a20ac397.zip | |
adding CSP, no-referrer policies and allow dns prefetching
Diffstat (limited to 'server.ts')
| -rw-r--r-- | server.ts | 20 |
1 files changed, 19 insertions, 1 deletions
| @@ -52,7 +52,25 @@ app.set('trust proxy', CONFIG.TRUST_PROXY) | |||
| 52 | // Security middlewares | 52 | // Security middlewares |
| 53 | app.use(helmet({ | 53 | app.use(helmet({ |
| 54 | frameguard: { | 54 | frameguard: { |
| 55 | action: 'deny' | 55 | action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts |
| 56 | }, | ||
| 57 | dnsPrefetchControl: { | ||
| 58 | allow: true | ||
| 59 | }, | ||
| 60 | contentSecurityPolicy: { | ||
| 61 | directives: { | ||
| 62 | fontSrc: ["'self'"], | ||
| 63 | frameSrc: ["'none'"], | ||
| 64 | mediaSrc: ['*', 'https:'], | ||
| 65 | objectSrc: ["'none'"], | ||
| 66 | scriptSrc: ["'self'"], | ||
| 67 | styleSrc: ["'self'"], | ||
| 68 | upgradeInsecureRequests: true | ||
| 69 | }, | ||
| 70 | browserSniff: false // assumes a modern browser, but allows CDN in front | ||
| 71 | }, | ||
| 72 | referrerPolicy: { | ||
| 73 | policy: 'strict-origin-when-cross-origin' | ||
| 56 | } | 74 | } |
| 57 | })) | 75 | })) |
| 58 | 76 | ||