BREAKING: update CSP configuration

Disable it by default and add ability to specify a custom report uri
author: Chocobozzz <me@florianbigard.com> 2019-02-21 16:27:32 +0100
committer: Chocobozzz <me@florianbigard.com> 2019-02-21 16:28:53 +0100
commit: 539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a (patch)
tree: 9bddd2ba539a49b3741fbd2ff3a2127e41a40268 /server/initializers
parent: c8000975d361fae166a6ebecac5005238e14d4c9 (diff)
download: PeerTube-539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a.tar.gz
PeerTube-539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a.tar.zst
PeerTube-539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a.zip
3 files changed, 12 insertions, 1 deletions
diff --git a/server/initializers/checker-after-init.ts b/server/initializers/checker-after-init.ts
index 955d55206..53124f9ec 100644
--- a/server/initializers/checker-after-init.ts
+++ b/server/initializers/checker-after-init.ts
@@ -34,6 +34,12 @@ async function checkActivityPubUrls () {
 // Return an error message, or null if everything is okay
 function checkConfig () {
+  // Moved configuration keys
+  if (config.has('services.csp-logger')) {
+    logger.warn('services.csp-logger configuration has been renamed to csp.report_uri. Please update your configuration file.')
+  }
+  // Email verification
  if (!Emailer.isEnabled()) {
    if (CONFIG.SIGNUP.ENABLED && CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
      return 'Emailer is disabled but you require signup email verification.'
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index 230fdd356..2567d957b 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -15,6 +15,7 @@ function checkMissedConfig () {
    'storage.redundancy', 'storage.tmp', 'storage.playlists',
    'log.level',
    'user.video_quota', 'user.video_quota_daily',
+    'csp.enabled', 'csp.report_only', 'csp.report_uri',
    'cache.previews.size', 'admin.email', 'contact_form.enabled',
    'signup.enabled', 'signup.limit', 'signup.requires_email_verification',
    'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 0ede45620..0d9a6a512 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -229,6 +229,11 @@ const CONFIG = {
      STRATEGIES: buildVideosRedundancy(config.get<any[]>('redundancy.videos.strategies'))
    }
  },
+  CSP: {
+    ENABLED: config.get<boolean>('csp.enabled'),
+    REPORT_ONLY: config.get<boolean>('csp.report_only'),
+    REPORT_URI: config.get<boolean>('csp.report_uri')
+  },
  ADMIN: {
    get EMAIL () { return config.get<string>('admin.email') }
  },
@@ -300,7 +305,6 @@ const CONFIG = {
    get SECURITYTXT_CONTACT () { return config.get<string>('admin.email') }
  },
  SERVICES: {
-    get 'CSP-LOGGER' () { return config.get<string>('services.csp-logger') },
    TWITTER: {
      get USERNAME () { return config.get<string>('services.twitter.username') },
      get WHITELISTED () { return config.get<boolean>('services.twitter.whitelisted') }
author	Chocobozzz <me@florianbigard.com>	2019-02-21 16:27:32 +0100
committer	Chocobozzz <me@florianbigard.com>	2019-02-21 16:28:53 +0100
commit	539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a (patch)
tree	9bddd2ba539a49b3741fbd2ff3a2127e41a40268 /server/initializers
parent	c8000975d361fae166a6ebecac5005238e14d4c9 (diff)
download	PeerTube-539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a.tar.gz PeerTube-539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a.tar.zst PeerTube-539d3f4faa1c1d2dbc68bb3ac0ba3549252e0f2a.zip