diff options
author | Chocobozzz <me@florianbigard.com> | 2020-08-25 13:54:59 +0200 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2020-08-25 13:54:59 +0200 |
commit | 50fcdebdb18ce7581f338d473680fb08046f4d08 (patch) | |
tree | 47ab757fb1927b614b68f7892af406510b6227b8 /server/middlewares | |
parent | f27624e8bf7c8c1e4c8ebecf83d780ac199e41e7 (diff) | |
download | PeerTube-50fcdebdb18ce7581f338d473680fb08046f4d08.tar.gz PeerTube-50fcdebdb18ce7581f338d473680fb08046f4d08.tar.zst PeerTube-50fcdebdb18ce7581f338d473680fb08046f4d08.zip |
Update server dependencies
Diffstat (limited to 'server/middlewares')
-rw-r--r-- | server/middlewares/csp.ts | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts index f5de69603..0ee44bf47 100644 --- a/server/middlewares/csp.ts +++ b/server/middlewares/csp.ts | |||
@@ -19,18 +19,16 @@ const baseDirectives = Object.assign({}, | |||
19 | workerSrc: [ '\'self\'', 'blob:' ] // instead of deprecated child-src | 19 | workerSrc: [ '\'self\'', 'blob:' ] // instead of deprecated child-src |
20 | }, | 20 | }, |
21 | CONFIG.CSP.REPORT_URI ? { reportUri: CONFIG.CSP.REPORT_URI } : {}, | 21 | CONFIG.CSP.REPORT_URI ? { reportUri: CONFIG.CSP.REPORT_URI } : {}, |
22 | CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {} | 22 | CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: [] } : {} |
23 | ) | 23 | ) |
24 | 24 | ||
25 | const baseCSP = helmet.contentSecurityPolicy({ | 25 | const baseCSP = helmet.contentSecurityPolicy({ |
26 | directives: baseDirectives, | 26 | directives: baseDirectives, |
27 | browserSniff: false, | ||
28 | reportOnly: CONFIG.CSP.REPORT_ONLY | 27 | reportOnly: CONFIG.CSP.REPORT_ONLY |
29 | }) | 28 | }) |
30 | 29 | ||
31 | const embedCSP = helmet.contentSecurityPolicy({ | 30 | const embedCSP = helmet.contentSecurityPolicy({ |
32 | directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }), | 31 | directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }), |
33 | browserSniff: false, // assumes a modern browser, but allows CDN in front | ||
34 | reportOnly: CONFIG.CSP.REPORT_ONLY | 32 | reportOnly: CONFIG.CSP.REPORT_ONLY |
35 | }) | 33 | }) |
36 | 34 | ||