authorChocobozzz <me@florianbigard.com>2021-04-12 15:33:54 +0200
committerChocobozzz <me@florianbigard.com>2021-04-12 15:33:54 +0200
commit8155db669baff9aac5617a7aaf68dd35823ed7c9 (patch)
tree9a7575cd5d6bc9f4905d02c4a9aedd603ec2ec83 /server
parentc24822a8fdbc0647aa983fe7d784864ec3b9b854 (diff)
downloadPeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.tar.gz
PeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.tar.zst
PeerTube-8155db669baff9aac5617a7aaf68dd35823ed7c9.zip
Dissociate frameguard from csp
Diffstat (limited to 'server')
-rw-r--r--server/initializers/checker-before-init.ts1
-rw-r--r--server/initializers/config.ts5
-rw-r--r--server/tests/api/server/config.ts34
3 files changed, 40 insertions, 0 deletions
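diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index e92cc4d2c..2864b0287 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -17,6 +17,7 @@ function checkMissedConfig () {
 'log.level',
 'user.video_quota', 'user.video_quota_daily',
 'csp.enabled', 'csp.report_only', 'csp.report_uri',
+'security.frameguard.enabled',
 'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled',
 'signup.enabled', 'signup.limit', 'signup.requires_email_verification',
 'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',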
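diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index 4e15acd0d..5281d3a66 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -134,6 +134,11 @@ const CONFIG = {
 REPORT_ONLY: config.get<boolean>('csp.report_only'),
 REPORT_URI: config.get<string>('csp.report_uri')
 },
+SECURITY: {
+FRAMEGUARD: {
+ENABLED: config.get<boolean>('security.frameguard.enabled')
+}
+},
 TRACKER: {
 ENABLED: config.get<boolean>('tracker.enabled'),
 PRIVATE: config.get<boolean>('tracker.private'),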
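Review bot: The new `SECURITY.FRAMEGUARD.ENABLED` entry has no comment saying what an operator gives up by turning it off. The accompanying test shows the flag controls the `X-Frame-Options` response header, so a line above `FRAMEGUARD` such as `// Sends X-Frame-Options; when false, framing (clickjacking) protection depends on the CSP settings alone` would make the trade-off visible where the value is read. Whether the CSP configuration actually restricts framing is not visible in this diff and should be confirmed before relying on it. The `CONFIG` object starts and ends outside the hunk, and the code that consumes the flag is not part of the files shown.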
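diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts
index 0b0f48d22..1d9ea31df 100644
--- a/server/tests/api/server/config.ts
+++ b/server/tests/api/server/config.ts
@@ -12,6 +12,7 @@ import {
 getConfig,
 getCustomConfig,
 killallServers,
+makeGetRequest,
 parallelTests,
 registerUser,
 reRunServer,
@@ -508,6 +509,39 @@ describe('Test config', function () {
 checkInitialConfig(server, data)
 })
 
+it('Should enable frameguard', async function () {
+this.timeout(25000)
+
+{
+const res = await makeGetRequest({
+url: server.url,
+path: '/api/v1/config',
+statusCodeExpected: 200
+})
+
+expect(res.headers['x-frame-options']).to.exist
+}
+
+killallServers([ server ])
+
+const config = {
+security: {
+frameguard: { enabled: false }
+}
+}
+server = await reRunServer(server, config)
+
+{
+const res = await makeGetRequest({
+url: server.url,
+path: '/api/v1/config',
+statusCodeExpected: 200
+})
+
+expect(res.headers['x-frame-options']).to.not.exist
+}
+})
+
 after(async function () {
 await cleanupTests([ server ])
 })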
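Review bot: The first assertion in 'Should enable frameguard' only checks that `x-frame-options` is present, so a regression that sent a wrong or empty directive would still pass. Pin the value instead, for example `expect(res.headers['x-frame-options']).to.be.oneOf([ 'DENY', 'SAMEORIGIN' ])`, narrowed to whichever directive the server is meant to send. The probe is also limited to `/api/v1/config`, a JSON endpoint, while framing protection matters on HTML responses; a second request against a page route would show that the toggle reaches them. The test leaves the server running with frameguard disabled, which is harmless only while it stays the last case before `after`.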