authorRigel Kent <par@rigelk.eu>2018-12-13 09:49:45 +0100
committerChocobozzz <me@florianbigard.com>2018-12-13 09:49:45 +0100
commit5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 (patch)
tree699a0724de91f4151ec7d67b700f5b7736a78e45 /server/controllers
parent9ecac97be024cf2277872986950d7eec85cbc76e (diff)
add Content Security Policy (#1252)
* add Content Security Policy * remove reflect-metadata on production builds to get rid of unsafe-eval * fix baseCSP usage * add SRI to CSP * add blob: to media-src * remove SRI * CSP set to reportOnly * adding data: to connect-src CSP * remove block-all-mixed-content * add report-uri support
Diffstat (limited to 'server/controllers')
-rw-r--r--server/controllers/client.ts3
1 files changed, 2 insertions, 1 deletions
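--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -2,7 +2,7 @@ import * as express from 'express'
 import { join } from 'path'
 import { root } from '../helpers/core-utils'
 import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers'
-import { asyncMiddleware } from '../middlewares'
+import { asyncMiddleware, embedCSP } from '../middlewares'
 import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n'
 import { ClientHtml } from '../lib/client-html'
 import { logger } from '../helpers/logger'
@@ -22,6 +22,7 @@ clientsRouter.use('/videos/watch/:id',
 
 clientsRouter.use('' +
   '/videos/embed',
+  embedCSP,
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
     res.removeHeader('X-Frame-Options')
     res.sendFile(embedPath)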
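Review bot: The `embedCSP` middleware inserted at new line 25 runs before the handler that still strips `X-Frame-Options`, so the framing policy for `/videos/embed` now rests entirely on whatever `embedCSP` emits; nothing in this hunk shows whether it sets `frame-ancestors`, and the commit message says the policy is sent report-only, in which case no framing restriction is enforced for embeds at all. A comment on the removal would make that intent explicit for the next reader, e.g. `// Embeds must be frameable by third-party pages; any framing restriction is expressed via embedCSP (frame-ancestors), not X-Frame-Options`. The `clientsRouter.use` handler continues past the end of the hunk.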