Dissociate frameguard from csp

author: Chocobozzz <me@florianbigard.com> 2021-04-12 15:33:54 +0200
committer: Chocobozzz <me@florianbigard.com> 2021-04-12 15:33:54 +0200
commit: 8155db669baff9aac5617a7aaf68dd35823ed7c9 (patch)
tree: 9a7575cd5d6bc9f4905d02c4a9aedd603ec2ec83 /server
parent: c24822a8fdbc0647aa983fe7d784864ec3b9b854 (diff)
download: PeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.tar.gz
PeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.tar.zst
PeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.zip
3 files changed, 40 insertions, 0 deletions
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index e92cc4d2c..2864b0287 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -17,6 +17,7 @@ function checkMissedConfig () {
    'log.level',
    'user.video_quota', 'user.video_quota_daily',
    'csp.enabled', 'csp.report_only', 'csp.report_uri',
+    'security.frameguard.enabled',
    'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled',
    'signup.enabled', 'signup.limit', 'signup.requires_email_verification',
    'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index 4e15acd0d..5281d3a66 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -134,6 +134,11 @@ const CONFIG = {
    REPORT_ONLY: config.get<boolean>('csp.report_only'),
    REPORT_URI: config.get<string>('csp.report_uri')
  },
+  SECURITY: {
+    FRAMEGUARD: {
+      ENABLED: config.get<boolean>('security.frameguard.enabled')
+    }
+  },
  TRACKER: {
    ENABLED: config.get<boolean>('tracker.enabled'),
    PRIVATE: config.get<boolean>('tracker.private'),
diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts
index 0b0f48d22..1d9ea31df 100644
--- a/server/tests/api/server/config.ts
+++ b/server/tests/api/server/config.ts
@@ -12,6 +12,7 @@ import {
  getConfig,
  getCustomConfig,
  killallServers,
+  makeGetRequest,
  parallelTests,
  registerUser,
  reRunServer,
@@ -508,6 +509,39 @@ describe('Test config', function () {
    checkInitialConfig(server, data)
  })
+  it('Should enable frameguard', async function () {
+    this.timeout(25000)
+    {
+      const res = await makeGetRequest({
+        url: server.url,
+        path: '/api/v1/config',
+        statusCodeExpected: 200
+      })
+      expect(res.headers['x-frame-options']).to.exist
+    }
+    killallServers([ server ])
+    const config = {
+      security: {
+        frameguard: { enabled: false }
+      }
+    }
+    server = await reRunServer(server, config)
+    {
+      const res = await makeGetRequest({
+        url: server.url,
+        path: '/api/v1/config',
+        statusCodeExpected: 200
+      })
+      expect(res.headers['x-frame-options']).to.not.exist
+    }
+  })
  after(async function () {
    await cleanupTests([ server ])
  })
author	Chocobozzz <me@florianbigard.com>	2021-04-12 15:33:54 +0200
committer	Chocobozzz <me@florianbigard.com>	2021-04-12 15:33:54 +0200
commit	8155db669baff9aac5617a7aaf68dd35823ed7c9 (patch)
tree	9a7575cd5d6bc9f4905d02c4a9aedd603ec2ec83 /server
parent	c24822a8fdbc0647aa983fe7d784864ec3b9b854 (diff)
download	PeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.tar.gz PeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.tar.zst PeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.zip

diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts index e92cc4d2c..2864b0287 100644 --- a/server/initializers/checker-before-init.ts +++ b/server/initializers/checker-before-init.ts
@@ -17,6 +17,7 @@ function checkMissedConfig () {
17	'log.level',	17	'log.level',
18	'user.video_quota', 'user.video_quota_daily',	18	'user.video_quota', 'user.video_quota_daily',
19	'csp.enabled', 'csp.report_only', 'csp.report_uri',	19	'csp.enabled', 'csp.report_only', 'csp.report_uri',
		20	'security.frameguard.enabled',
20	'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled',	21	'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled',
21	'signup.enabled', 'signup.limit', 'signup.requires_email_verification',	22	'signup.enabled', 'signup.limit', 'signup.requires_email_verification',
22	'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',	23	'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',


diff --git a/server/initializers/config.ts b/server/initializers/config.ts index 4e15acd0d..5281d3a66 100644 --- a/server/initializers/config.ts +++ b/server/initializers/config.ts
@@ -134,6 +134,11 @@ const CONFIG = {
134	REPORT_ONLY: config.get<boolean>('csp.report_only'),	134	REPORT_ONLY: config.get<boolean>('csp.report_only'),
135	REPORT_URI: config.get<string>('csp.report_uri')	135	REPORT_URI: config.get<string>('csp.report_uri')
136	},	136	},
		137	SECURITY: {
		138	FRAMEGUARD: {
		139	ENABLED: config.get<boolean>('security.frameguard.enabled')
		140	}
		141	},
137	TRACKER: {	142	TRACKER: {
138	ENABLED: config.get<boolean>('tracker.enabled'),	143	ENABLED: config.get<boolean>('tracker.enabled'),
139	PRIVATE: config.get<boolean>('tracker.private'),	144	PRIVATE: config.get<boolean>('tracker.private'),


diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts index 0b0f48d22..1d9ea31df 100644 --- a/server/tests/api/server/config.ts +++ b/server/tests/api/server/config.ts
@@ -12,6 +12,7 @@ import {
12	getConfig,	12	getConfig,
13	getCustomConfig,	13	getCustomConfig,
14	killallServers,	14	killallServers,
		15	makeGetRequest,
15	parallelTests,	16	parallelTests,
16	registerUser,	17	registerUser,
17	reRunServer,	18	reRunServer,
@@ -508,6 +509,39 @@ describe('Test config', function () {
508	checkInitialConfig(server, data)	509	checkInitialConfig(server, data)
509	})	510	})
510		511
		512	it('Should enable frameguard', async function () {
		513	this.timeout(25000)
		514
		515	{
		516	const res = await makeGetRequest({
		517	url: server.url,
		518	path: '/api/v1/config',
		519	statusCodeExpected: 200
		520	})
		521
		522	expect(res.headers['x-frame-options']).to.exist
		523	}
		524
		525	killallServers([ server ])
		526
		527	const config = {
		528	security: {
		529	frameguard: { enabled: false }
		530	}
		531	}
		532	server = await reRunServer(server, config)
		533
		534	{
		535	const res = await makeGetRequest({
		536	url: server.url,
		537	path: '/api/v1/config',
		538	statusCodeExpected: 200
		539	})
		540
		541	expect(res.headers['x-frame-options']).to.not.exist
		542	}
		543	})
		544
511	after(async function () {	545	after(async function () {
512	await cleanupTests([ server ])	546	await cleanupTests([ server ])
513	})	547	})