-rw-r--r--server.ts20
-rw-r--r--yarn.lock101
2 files changed, 31 insertions, 90 deletions
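diff --git a/server.ts b/server.ts
index 26750802c..a688bb5d0 100644
--- a/server.ts
+++ b/server.ts
@@ -52,7 +52,25 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
 // Security middlewares
 app.use(helmet({
  frameguard: {
- action: 'deny'
+ action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
+ },
+ dnsPrefetchControl: {
+ allow: true
+ },
+ contentSecurityPolicy: {
+ directives: {
+ fontSrc: ["'self'"],
+ frameSrc: ["'none'"],
+ mediaSrc: ['*', 'https:'],
+ objectSrc: ["'none'"],
+ scriptSrc: ["'self'"],
+ styleSrc: ["'self'"],
+ upgradeInsecureRequests: true
+ },
+ browserSniff: false // assumes a modern browser, but allows CDN in front
+ },
+ referrerPolicy: {
+ policy: 'strict-origin-when-cross-origin'
  }
 }))
 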
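Review bot: The `directives` object added under `contentSecurityPolicy` has no `defaultSrc`, so every fetch type it does not list (connect-src, img-src, worker-src and so on) is left unrestricted by the emitted policy, and `base-uri` and `form-action` are not constrained either. I would add `defaultSrc: ["'self'"],` and widen individual directives only as far as the client needs, which cannot be checked from this hunk, and consider `baseUri: ["'self'"]` and `formAction: ["'self'"]` alongside it. Note also that `frameSrc: ["'none'"]` limits what these pages may embed, not who may frame them, so the framing control is still only `frameguard`; a short comment above `frameSrc` saying so would stop a reader from treating the two as equivalent. In `mediaSrc`, `'*'` already covers `https:`, and neither entry matches `blob:` URLs, which is worth confirming if the player feeds media through MediaSource.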
diff --git a/yarn.lock b/yarn.lock
index 4232c4236..5124992db 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2731,12 +2731,6 @@ gaze@^1.0.0, gaze@^1.1.0:
2731 dependencies: 2731 dependencies:
2732 globule "^1.0.0" 2732 globule "^1.0.0"
2733 2733
2734gaze@~0.5.1:
2735 version "0.5.2"
2736 resolved "https://registry.yarnpkg.com/gaze/-/gaze-0.5.2.tgz#40b709537d24d1d45767db5a908689dfe69ac44f"
2737 dependencies:
2738 globule "~0.1.0"
2739
2740generate-function@^2.0.0: 2734generate-function@^2.0.0:
2741 version "2.0.0" 2735 version "2.0.0"
2742 resolved "https://registry.yarnpkg.com/generate-function/-/generate-function-2.0.0.tgz#6858fe7c0969b7d4e9093337647ac79f60dfbe74" 2736 resolved "https://registry.yarnpkg.com/generate-function/-/generate-function-2.0.0.tgz#6858fe7c0969b7d4e9093337647ac79f60dfbe74"
@@ -2897,14 +2891,6 @@ globule@^1.0.0:
2897 lodash "~4.17.10" 2891 lodash "~4.17.10"
2898 minimatch "~3.0.2" 2892 minimatch "~3.0.2"
2899 2893
2900globule@~0.1.0:
2901 version "0.1.0"
2902 resolved "https://registry.yarnpkg.com/globule/-/globule-0.1.0.tgz#d9c8edde1da79d125a151b79533b978676346ae5"
2903 dependencies:
2904 glob "~3.1.21"
2905 lodash "~1.0.1"
2906 minimatch "~0.2.11"
2907
2908gonzales-pe-sl@^4.2.3: 2894gonzales-pe-sl@^4.2.3:
2909 version "4.2.3" 2895 version "4.2.3"
2910 resolved "https://registry.yarnpkg.com/gonzales-pe-sl/-/gonzales-pe-sl-4.2.3.tgz#6a868bc380645f141feeb042c6f97fcc71b59fe6" 2896 resolved "https://registry.yarnpkg.com/gonzales-pe-sl/-/gonzales-pe-sl-4.2.3.tgz#6a868bc380645f141feeb042c6f97fcc71b59fe6"
@@ -2931,10 +2917,6 @@ graceful-fs@^4.1.11, graceful-fs@^4.1.2, graceful-fs@^4.1.6:
2931 version "4.1.11" 2917 version "4.1.11"
2932 resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.11.tgz#0e8bdfe4d1ddb8854d64e04ea7c00e2a026e5658" 2918 resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.11.tgz#0e8bdfe4d1ddb8854d64e04ea7c00e2a026e5658"
2933 2919
2934graceful-fs@~1.2.0:
2935 version "1.2.3"
2936 resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-1.2.3.tgz#15a4806a57547cb2d2dbf27f42e89a8c3451b364"
2937
2938graceful-fs@~2.0.2: 2920graceful-fs@~2.0.2:
2939 version "2.0.3" 2921 version "2.0.3"
2940 resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-2.0.3.tgz#7cd2cdb228a4a3f36e95efa6cc142de7d1a136d0" 2922 resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-2.0.3.tgz#7cd2cdb228a4a3f36e95efa6cc142de7d1a136d0"
@@ -3153,15 +3135,6 @@ har-schema@^2.0.0:
3153 version "2.0.0" 3135 version "2.0.0"
3154 resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92" 3136 resolved "https://registry.yarnpkg.com/har-schema/-/har-schema-2.0.0.tgz#a94c2224ebcac04782a0d9035521f24735b7ec92"
3155 3137
3156har-validator@~2.0.6:
3157 version "2.0.6"
3158 resolved "https://registry.yarnpkg.com/har-validator/-/har-validator-2.0.6.tgz#cdcbc08188265ad119b6a5a7c8ab70eecfb5d27d"
3159 dependencies:
3160 chalk "^1.1.1"
3161 commander "^2.9.0"
3162 is-my-json-valid "^2.12.4"
3163 pinkie-promise "^2.0.0"
3164
3165har-validator@~4.2.1: 3138har-validator@~4.2.1:
3166 version "4.2.1" 3139 version "4.2.1"
3167 resolved "https://registry.yarnpkg.com/har-validator/-/har-validator-4.2.1.tgz#33481d0f1bbff600dd203d75812a6a5fba002e2a" 3140 resolved "https://registry.yarnpkg.com/har-validator/-/har-validator-4.2.1.tgz#33481d0f1bbff600dd203d75812a6a5fba002e2a"
@@ -3176,12 +3149,6 @@ har-validator@~5.0.3:
3176 ajv "^5.1.0" 3149 ajv "^5.1.0"
3177 har-schema "^2.0.0" 3150 har-schema "^2.0.0"
3178 3151
3179has-ansi@^0.1.0:
3180 version "0.1.0"
3181 resolved "https://registry.yarnpkg.com/has-ansi/-/has-ansi-0.1.0.tgz#84f265aae8c0e6a88a12d7022894b7568894c62e"
3182 dependencies:
3183 ansi-regex "^0.2.0"
3184
3185has-ansi@^2.0.0: 3152has-ansi@^2.0.0:
3186 version "2.0.0" 3153 version "2.0.0"
3187 resolved "https://registry.yarnpkg.com/has-ansi/-/has-ansi-2.0.0.tgz#34f5049ce1ecdf2b0649af3ef24e45ed35416d91" 3154 resolved "https://registry.yarnpkg.com/has-ansi/-/has-ansi-2.0.0.tgz#34f5049ce1ecdf2b0649af3ef24e45ed35416d91"
@@ -3316,6 +3283,14 @@ hosted-git-info@^2.1.4:
3316 version "2.7.1" 3283 version "2.7.1"
3317 resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.7.1.tgz#97f236977bd6e125408930ff6de3eec6281ec047" 3284 resolved "https://registry.yarnpkg.com/hosted-git-info/-/hosted-git-info-2.7.1.tgz#97f236977bd6e125408930ff6de3eec6281ec047"
3318 3285
3286hpkp@2.0.0:
3287 version "2.0.0"
3288 resolved "https://registry.yarnpkg.com/hpkp/-/hpkp-2.0.0.tgz#10e142264e76215a5d30c44ec43de64dee6d1672"
3289
3290hsts@2.1.0:
3291 version "2.1.0"
3292 resolved "https://registry.yarnpkg.com/hsts/-/hsts-2.1.0.tgz#cbd6c918a2385fee1dd5680bfb2b3a194c0121cc"
3293
3319htmlparser2@3.8.x, htmlparser2@~3.8.1: 3294htmlparser2@3.8.x, htmlparser2@~3.8.1:
3320 version "3.8.3" 3295 version "3.8.3"
3321 resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.8.3.tgz#996c28b191516a8be86501a7d79757e5c70c1068" 3296 resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.8.3.tgz#996c28b191516a8be86501a7d79757e5c70c1068"
@@ -3335,16 +3310,6 @@ htmlparser2@~3.5.0:
3335 domutils "1.3" 3310 domutils "1.3"
3336 readable-stream "1.1" 3311 readable-stream "1.1"
3337 3312
3338htmlparser2@~3.8.1:
3339 version "3.8.3"
3340 resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.8.3.tgz#996c28b191516a8be86501a7d79757e5c70c1068"
3341 dependencies:
3342 domelementtype "1"
3343 domhandler "2.3"
3344 domutils "1.5"
3345 entities "1.0"
3346 readable-stream "1.1"
3347
3348http-basic@^2.5.1: 3313http-basic@^2.5.1:
3349 version "2.5.1" 3314 version "2.5.1"
3350 resolved "https://registry.yarnpkg.com/http-basic/-/http-basic-2.5.1.tgz#8ce447bdb5b6c577f8a63e3fa78056ec4bb4dbfb" 3315 resolved "https://registry.yarnpkg.com/http-basic/-/http-basic-2.5.1.tgz#8ce447bdb5b6c577f8a63e3fa78056ec4bb4dbfb"
@@ -3435,10 +3400,6 @@ iconv-lite@0.4.23, iconv-lite@^0.4.4, iconv-lite@~0.4.13:
3435 dependencies: 3400 dependencies:
3436 safer-buffer ">= 2.1.2 < 3" 3401 safer-buffer ">= 2.1.2 < 3"
3437 3402
3438iconv-lite@~0.2.11:
3439 version "0.2.11"
3440 resolved "https://registry.yarnpkg.com/iconv-lite/-/iconv-lite-0.2.11.tgz#1ce60a3a57864a292d1321ff4609ca4bb965adc8"
3441
3442ienoopen@1.0.0: 3403ienoopen@1.0.0:
3443 version "1.0.0" 3404 version "1.0.0"
3444 resolved "https://registry.yarnpkg.com/ienoopen/-/ienoopen-1.0.0.tgz#346a428f474aac8f50cf3784ea2d0f16f62bda6b" 3405 resolved "https://registry.yarnpkg.com/ienoopen/-/ienoopen-1.0.0.tgz#346a428f474aac8f50cf3784ea2d0f16f62bda6b"
@@ -5575,6 +5536,10 @@ pkginfo@0.x.x:
5575 version "0.4.1" 5536 version "0.4.1"
5576 resolved "https://registry.yarnpkg.com/pkginfo/-/pkginfo-0.4.1.tgz#b5418ef0439de5425fc4995042dced14fb2a84ff" 5537 resolved "https://registry.yarnpkg.com/pkginfo/-/pkginfo-0.4.1.tgz#b5418ef0439de5425fc4995042dced14fb2a84ff"
5577 5538
5539platform@1.3.5:
5540 version "1.3.5"
5541 resolved "https://registry.yarnpkg.com/platform/-/platform-1.3.5.tgz#fb6958c696e07e2918d2eeda0f0bc9448d733444"
5542
5578please-upgrade-node@^3.0.2, please-upgrade-node@^3.1.1: 5543please-upgrade-node@^3.0.2, please-upgrade-node@^3.1.1:
5579 version "3.1.1" 5544 version "3.1.1"
5580 resolved "https://registry.yarnpkg.com/please-upgrade-node/-/please-upgrade-node-3.1.1.tgz#ed320051dfcc5024fae696712c8288993595e8ac" 5545 resolved "https://registry.yarnpkg.com/please-upgrade-node/-/please-upgrade-node-3.1.1.tgz#ed320051dfcc5024fae696712c8288993595e8ac"
@@ -5788,14 +5753,6 @@ qs@6.5.2, qs@^6.1.0, qs@^6.4.0, qs@^6.5.1, qs@~6.5.1:
5788 version "6.5.2" 5753 version "6.5.2"
5789 resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36" 5754 resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36"
5790 5755
5791qs@~0.5.2:
5792 version "0.5.6"
5793 resolved "https://registry.yarnpkg.com/qs/-/qs-0.5.6.tgz#31b1ad058567651c526921506b9a8793911a0384"
5794
5795qs@~6.3.0:
5796 version "6.3.2"
5797 resolved "https://registry.yarnpkg.com/qs/-/qs-6.3.2.tgz#e75bd5f6e268122a2a0e0bda630b2550c166502c"
5798
5799qs@~6.4.0: 5756qs@~6.4.0:
5800 version "6.4.0" 5757 version "6.4.0"
5801 resolved "https://registry.yarnpkg.com/qs/-/qs-6.4.0.tgz#13e26d28ad6b0ffaa91312cd3bf708ed351e7233" 5758 resolved "https://registry.yarnpkg.com/qs/-/qs-6.4.0.tgz#13e26d28ad6b0ffaa91312cd3bf708ed351e7233"
@@ -6198,10 +6155,6 @@ rimraf@2, rimraf@2.x.x, rimraf@^2.2.8, rimraf@^2.4.2, rimraf@^2.5.1, rimraf@^2.5
6198 dependencies: 6155 dependencies:
6199 glob "^7.0.5" 6156 glob "^7.0.5"
6200 6157
6201rimraf@~2.2.8:
6202 version "2.2.8"
6203 resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-2.2.8.tgz#e439be2aaee327321952730f99a8929e4fc50582"
6204
6205run-async@^0.1.0: 6158run-async@^0.1.0:
6206 version "0.1.0" 6159 version "0.1.0"
6207 resolved "https://registry.yarnpkg.com/run-async/-/run-async-0.1.0.tgz#c8ad4a5e110661e402a7d21b530e009f25f8e389" 6160 resolved "https://registry.yarnpkg.com/run-async/-/run-async-0.1.0.tgz#c8ad4a5e110661e402a7d21b530e009f25f8e389"
@@ -6518,10 +6471,6 @@ shimmer@^1.1.0:
6518 version "1.2.0" 6471 version "1.2.0"
6519 resolved "https://registry.yarnpkg.com/shimmer/-/shimmer-1.2.0.tgz#f966f7555789763e74d8841193685a5e78736665" 6472 resolved "https://registry.yarnpkg.com/shimmer/-/shimmer-1.2.0.tgz#f966f7555789763e74d8841193685a5e78736665"
6520 6473
6521sigmund@~1.0.0:
6522 version "1.0.1"
6523 resolved "https://registry.yarnpkg.com/sigmund/-/sigmund-1.0.1.tgz#3ff21f198cad2175f9f3b781853fd94d0d19b590"
6524
6525signal-exit@^3.0.0, signal-exit@^3.0.2: 6474signal-exit@^3.0.0, signal-exit@^3.0.2:
6526 version "3.0.2" 6475 version "3.0.2"
6527 resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.2.tgz#b5fdc08f1287ea1178628e415e25132b73646c6d" 6476 resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.2.tgz#b5fdc08f1287ea1178628e415e25132b73646c6d"
@@ -6987,12 +6936,6 @@ stringstream@~0.0.4:
6987 version "0.0.6" 6936 version "0.0.6"
6988 resolved "https://registry.yarnpkg.com/stringstream/-/stringstream-0.0.6.tgz#7880225b0d4ad10e30927d167a1d6f2fd3b33a72" 6937 resolved "https://registry.yarnpkg.com/stringstream/-/stringstream-0.0.6.tgz#7880225b0d4ad10e30927d167a1d6f2fd3b33a72"
6989 6938
6990strip-ansi@^0.3.0:
6991 version "0.3.0"
6992 resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-0.3.0.tgz#25f48ea22ca79187f3174a4db8759347bb126220"
6993 dependencies:
6994 ansi-regex "^0.2.1"
6995
6996strip-ansi@^3.0.0, strip-ansi@^3.0.1: 6939strip-ansi@^3.0.0, strip-ansi@^3.0.1:
6997 version "3.0.1" 6940 version "3.0.1"
6998 resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-3.0.1.tgz#6a385fb8853d952d5ff05d0e8aaf94278dc63dcf" 6941 resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-3.0.1.tgz#6a385fb8853d952d5ff05d0e8aaf94278dc63dcf"
@@ -7076,10 +7019,6 @@ supports-color@5.4.0, supports-color@^5.2.0, supports-color@^5.3.0:
7076 dependencies: 7019 dependencies:
7077 has-flag "^3.0.0" 7020 has-flag "^3.0.0"
7078 7021
7079supports-color@^0.2.0:
7080 version "0.2.0"
7081 resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-0.2.0.tgz#d92de2694eb3f67323973d7ae3d8b55b4c22190a"
7082
7083supports-color@^2.0.0: 7022supports-color@^2.0.0:
7084 version "2.0.0" 7023 version "2.0.0"
7085 resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-2.0.0.tgz#535d045ce6b6363fa40117084629995e9df324c7" 7024 resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-2.0.0.tgz#535d045ce6b6363fa40117084629995e9df324c7"
@@ -7421,10 +7360,6 @@ tunnel-agent@^0.6.0:
7421 dependencies: 7360 dependencies:
7422 safe-buffer "^5.0.1" 7361 safe-buffer "^5.0.1"
7423 7362
7424tunnel-agent@~0.4.1:
7425 version "0.4.3"
7426 resolved "https://registry.yarnpkg.com/tunnel-agent/-/tunnel-agent-0.4.3.tgz#6373db76909fe570e08d73583365ed828a74eeeb"
7427
7428tv4@~1.2.7: 7363tv4@~1.2.7:
7429 version "1.2.7" 7364 version "1.2.7"
7430 resolved "https://registry.yarnpkg.com/tv4/-/tv4-1.2.7.tgz#bd29389afc73ade49ae5f48142b5d544bf68d120" 7365 resolved "https://registry.yarnpkg.com/tv4/-/tv4-1.2.7.tgz#bd29389afc73ade49ae5f48142b5d544bf68d120"
@@ -7509,10 +7444,6 @@ undefsafe@^2.0.2:
7509 dependencies: 7444 dependencies:
7510 debug "^2.2.0" 7445 debug "^2.2.0"
7511 7446
7512underscore.string@~2.2.1:
7513 version "2.2.1"
7514 resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-2.2.1.tgz#d7c0fa2af5d5a1a67f4253daee98132e733f0f19"
7515
7516underscore.string@~2.3.3: 7447underscore.string@~2.3.3:
7517 version "2.3.3" 7448 version "2.3.3"
7518 resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-2.3.3.tgz#71c08bf6b428b1133f37e78fa3a21c82f7329b0d" 7449 resolved "https://registry.yarnpkg.com/underscore.string/-/underscore.string-2.3.3.tgz#71c08bf6b428b1133f37e78fa3a21c82f7329b0d"
@@ -7528,10 +7459,6 @@ underscore@^1.7.0:
7528 version "1.9.1" 7459 version "1.9.1"
7529 resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.9.1.tgz#06dce34a0e68a7babc29b365b8e74b8925203961" 7460 resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.9.1.tgz#06dce34a0e68a7babc29b365b8e74b8925203961"
7530 7461
7531underscore@~1.7.0:
7532 version "1.7.0"
7533 resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.7.0.tgz#6bbaf0877500d36be34ecaa584e0db9fef035209"
7534
7535union-value@^1.0.0: 7462union-value@^1.0.0:
7536 version "1.0.0" 7463 version "1.0.0"
7537 resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.0.tgz#5c71c34cb5bad5dcebe3ea0cd08207ba5aa1aea4" 7464 resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.0.tgz#5c71c34cb5bad5dcebe3ea0cd08207ba5aa1aea4"
@@ -7806,10 +7733,6 @@ which@1, which@^1.1.1, which@^1.2.10, which@^1.2.4, which@^1.2.9, which@~1.3.0:
7806 dependencies: 7733 dependencies:
7807 isexe "^2.0.0" 7734 isexe "^2.0.0"
7808 7735
7809which@~1.0.5:
7810 version "1.0.9"
7811 resolved "https://registry.yarnpkg.com/which/-/which-1.0.9.tgz#460c1da0f810103d0321a9b633af9e575e64486f"
7812
7813wide-align@^1.1.0: 7736wide-align@^1.1.0:
7814 version "1.1.3" 7737 version "1.1.3"
7815 resolved "https://registry.yarnpkg.com/wide-align/-/wide-align-1.1.3.tgz#ae074e6bdc0c14a431e804e624549c633b000457" 7738 resolved "https://registry.yarnpkg.com/wide-align/-/wide-align-1.1.3.tgz#ae074e6bdc0c14a431e804e624549c633b000457"