diff options
author | Lucien A <lu.aubert84@gmail.com> | 2020-03-11 08:46:03 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-11 08:46:03 +0100 |
commit | 9878d1ac63682ba58ace4cbe8b1878fa77c58acb (patch) | |
tree | c2af8f6d449992bcaa82e01048ad3bae51134e1e /server | |
parent | 03efb1419d33627939ee9593633fc703b957199d (diff) | |
download | PeerTube-9878d1ac63682ba58ace4cbe8b1878fa77c58acb.tar.gz PeerTube-9878d1ac63682ba58ace4cbe8b1878fa77c58acb.tar.zst PeerTube-9878d1ac63682ba58ace4cbe8b1878fa77c58acb.zip |
Fix CSP issue on WebFinger service (#2541)
* Fix CSP issue on WebFinger service
WebFinger RFC states that CSP should allow any origin to access WebFinger resources.
* Update webfinger.ts
Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/webfinger.ts | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/server/controllers/webfinger.ts b/server/controllers/webfinger.ts index 77c851880..5c308d9ad 100644 --- a/server/controllers/webfinger.ts +++ b/server/controllers/webfinger.ts | |||
@@ -1,9 +1,12 @@ | |||
1 | import * as cors from 'cors' | ||
1 | import * as express from 'express' | 2 | import * as express from 'express' |
2 | import { asyncMiddleware } from '../middlewares' | 3 | import { asyncMiddleware } from '../middlewares' |
3 | import { webfingerValidator } from '../middlewares/validators' | 4 | import { webfingerValidator } from '../middlewares/validators' |
4 | 5 | ||
5 | const webfingerRouter = express.Router() | 6 | const webfingerRouter = express.Router() |
6 | 7 | ||
8 | webfingerRouter.use(cors()) | ||
9 | |||
7 | webfingerRouter.get('/.well-known/webfinger', | 10 | webfingerRouter.get('/.well-known/webfinger', |
8 | asyncMiddleware(webfingerValidator), | 11 | asyncMiddleware(webfingerValidator), |
9 | webfingerController | 12 | webfingerController |