1 files changed, 0 insertions, 31 deletions
diff --git a/server.ts b/server.ts
index 1bfec724b..efbfd3c97 100644
--- a/server.ts
+++ b/server.ts
@@ -53,39 +53,8 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
 app.use(helmet({
  frameguard: {
    action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
-  },
-  dnsPrefetchControl: {
-    allow: true
-  },
-  contentSecurityPolicy: {
-    directives: {
-      defaultSrc: ['*', 'data:', REMOTE_SCHEME.WS + ':', REMOTE_SCHEME.HTTP + ':'],
-      fontSrc: ["'self'", 'data:'],
-      frameSrc: ["'none'"],
-      mediaSrc: ['*', REMOTE_SCHEME.HTTP + ':'],
-      objectSrc: ["'none'"],
-      scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
-      styleSrc: ["'self'", "'unsafe-inline'"],
-      upgradeInsecureRequests: false
-    },
-    browserSniff: false // assumes a modern browser, but allows CDN in front
-  },
-  referrerPolicy: {
-    policy: 'strict-origin-when-cross-origin'
  }
 }))
-app.use((_, res, next) => {
-  [
-    "vibrate 'none'",
-    "geolocation 'none'",
-    "camera 'none'",
-    "microphone 'none'",
-    "magnetometer 'none'",
-    "payment 'none'",
-    "accelerometer 'none'"
-  ].forEach(e => res.append('Feature-Policy', e + ';'))
-  next()
-})
 // ----------- Database -----------

diff --git a/server.ts b/server.ts index 1bfec724b..efbfd3c97 100644 --- a/server.ts +++ b/server.ts
@@ -53,39 +53,8 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
53	app.use(helmet({	53	app.use(helmet({
54	frameguard: {	54	frameguard: {
55	action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts	55	action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
56	},
57	dnsPrefetchControl: {
58	allow: true
59	},
60	contentSecurityPolicy: {
61	directives: {
62	defaultSrc: ['*', 'data:', REMOTE_SCHEME.WS + ':', REMOTE_SCHEME.HTTP + ':'],
63	fontSrc: ["'self'", 'data:'],
64	frameSrc: ["'none'"],
65	mediaSrc: ['*', REMOTE_SCHEME.HTTP + ':'],
66	objectSrc: ["'none'"],
67	scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
68	styleSrc: ["'self'", "'unsafe-inline'"],
69	upgradeInsecureRequests: false
70	},
71	browserSniff: false // assumes a modern browser, but allows CDN in front
72	},
73	referrerPolicy: {
74	policy: 'strict-origin-when-cross-origin'
75	}	56	}
76	}))	57	}))
77	app.use((_, res, next) => {
78	[
79	"vibrate 'none'",
80	"geolocation 'none'",
81	"camera 'none'",
82	"microphone 'none'",
83	"magnetometer 'none'",
84	"payment 'none'",
85	"accelerometer 'none'"
86	].forEach(e => res.append('Feature-Policy', e + ';'))
87	next()
88	})
89		58
90	// ----------- Database -----------	59	// ----------- Database -----------
91		60