Add x-powered-by header

author: Chocobozzz <me@florianbigard.com> 2023-02-27 09:22:59 +0100
committer: Chocobozzz <me@florianbigard.com> 2023-02-27 09:22:59 +0100
commit: 4765348107ddd21cd2a0b86093859aa2e23ac0f1 (patch)
tree: c5989241291fbe8c3e2dfd4a3f7dc93c190602dc /server
parent: 357308ce22e235428ee5c48aaca9308ed194c01a (diff)
download: PeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.tar.gz
PeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.tar.zst
PeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.zip
3 files changed, 9 insertions, 5 deletions
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index 8b4d49180..74fed251c 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -26,7 +26,7 @@ function checkMissedConfig () {
    'user.video_quota', 'user.video_quota_daily',
    'video_channels.max_per_user',
    'csp.enabled', 'csp.report_only', 'csp.report_uri',
-    'security.frameguard.enabled',
+    'security.frameguard.enabled', 'security.powered_by_header.enabled',
    'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled',
    'signup.enabled', 'signup.limit', 'signup.requires_approval', 'signup.requires_email_verification', 'signup.minimum_age',
    'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index 9685e7bfc..7ad258f7a 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -236,6 +236,9 @@ const CONFIG = {
  SECURITY: {
    FRAMEGUARD: {
      ENABLED: config.get<boolean>('security.frameguard.enabled')
+    },
+    POWERED_BY_HEADER: {
+      ENABLED: config.get<boolean>('security.powered_by_header.enabled')
    }
  },
  TRACKER: {
diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts
index b91519660..de7c2f6e2 100644
--- a/server/tests/api/server/config.ts
+++ b/server/tests/api/server/config.ts
@@ -561,15 +561,13 @@ describe('Test config', function () {
  })
  it('Should remove the custom configuration', async function () {
-    this.timeout(10000)
    await server.config.deleteCustomConfig()
    const data = await server.config.getCustomConfig()
    checkInitialConfig(server, data)
  })
-  it('Should enable frameguard', async function () {
+  it('Should enable/disable security headers', async function () {
    this.timeout(25000)
    {
@@ -580,13 +578,15 @@ describe('Test config', function () {
      })
      expect(res.headers['x-frame-options']).to.exist
+      expect(res.headers['x-powered-by']).to.equal('PeerTube')
    }
    await killallServers([ server ])
    const config = {
      security: {
-        frameguard: { enabled: false }
+        frameguard: { enabled: false },
+        powered_by_header: { enabled: false }
      }
    }
    await server.run(config)
@@ -599,6 +599,7 @@ describe('Test config', function () {
      })
      expect(res.headers['x-frame-options']).to.not.exist
+      expect(res.headers['x-powered-by']).to.not.exist
    }
  })
author	Chocobozzz <me@florianbigard.com>	2023-02-27 09:22:59 +0100
committer	Chocobozzz <me@florianbigard.com>	2023-02-27 09:22:59 +0100
commit	4765348107ddd21cd2a0b86093859aa2e23ac0f1 (patch)
tree	c5989241291fbe8c3e2dfd4a3f7dc93c190602dc /server
parent	357308ce22e235428ee5c48aaca9308ed194c01a (diff)
download	PeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.tar.gz PeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.tar.zst PeerTube-4765348107ddd21cd2a0b86093859aa2e23ac0f1.zip