diff options
author | Rigel Kent <par@rigelk.eu> | 2018-12-13 09:49:45 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-12-13 09:49:45 +0100 |
commit | 5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 (patch) | |
tree | 699a0724de91f4151ec7d67b700f5b7736a78e45 /server/controllers | |
parent | 9ecac97be024cf2277872986950d7eec85cbc76e (diff) | |
download | PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.gz PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.zst PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.zip |
add Content Security Policy (#1252)
* add Content Security Policy
* remove reflect-metadata on production builds to get rid of unsafe-eval
* fix baseCSP usage
* add SRI to CSP
* add blob: to media-src
* remove SRI
* CSP set to reportOnly
* adding data: to connect-src CSP
* remove block-all-mixed-content
* add report-uri support
Diffstat (limited to 'server/controllers')
-rw-r--r-- | server/controllers/client.ts | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/server/controllers/client.ts b/server/controllers/client.ts index 73b40cf65..e5bd487f1 100644 --- a/server/controllers/client.ts +++ b/server/controllers/client.ts | |||
@@ -2,7 +2,7 @@ import * as express from 'express' | |||
2 | import { join } from 'path' | 2 | import { join } from 'path' |
3 | import { root } from '../helpers/core-utils' | 3 | import { root } from '../helpers/core-utils' |
4 | import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers' | 4 | import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers' |
5 | import { asyncMiddleware } from '../middlewares' | 5 | import { asyncMiddleware, embedCSP } from '../middlewares' |
6 | import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n' | 6 | import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n' |
7 | import { ClientHtml } from '../lib/client-html' | 7 | import { ClientHtml } from '../lib/client-html' |
8 | import { logger } from '../helpers/logger' | 8 | import { logger } from '../helpers/logger' |
@@ -22,6 +22,7 @@ clientsRouter.use('/videos/watch/:id', | |||
22 | 22 | ||
23 | clientsRouter.use('' + | 23 | clientsRouter.use('' + |
24 | '/videos/embed', | 24 | '/videos/embed', |
25 | embedCSP, | ||
25 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 26 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
26 | res.removeHeader('X-Frame-Options') | 27 | res.removeHeader('X-Frame-Options') |
27 | res.sendFile(embedPath) | 28 | res.sendFile(embedPath) |