aboutsummaryrefslogtreecommitdiffhomepage
path: root/server.ts
diff options
context:
space:
mode:
Diffstat (limited to 'server.ts')
-rw-r--r--server.ts8
1 files changed, 4 insertions, 4 deletions
diff --git a/server.ts b/server.ts
index b23ec5105..104de2153 100644
--- a/server.ts
+++ b/server.ts
@@ -27,7 +27,7 @@ import { checkMissedConfig, checkFFmpeg, checkConfig, checkActivityPubUrls } fro
27 27
28// Do not use barrels because we don't want to load all modules here (we need to initialize database first) 28// Do not use barrels because we don't want to load all modules here (we need to initialize database first)
29import { logger } from './server/helpers/logger' 29import { logger } from './server/helpers/logger'
30import { API_VERSION, CONFIG, STATIC_PATHS, CACHE } from './server/initializers/constants' 30import { API_VERSION, CONFIG, STATIC_PATHS, CACHE, REMOTE_SCHEME } from './server/initializers/constants'
31 31
32const missed = checkMissedConfig() 32const missed = checkMissedConfig()
33if (missed.length !== 0) { 33if (missed.length !== 0) {
@@ -59,14 +59,14 @@ app.use(helmet({
59 }, 59 },
60 contentSecurityPolicy: { 60 contentSecurityPolicy: {
61 directives: { 61 directives: {
62 defaultSrc: ['*', 'data:', 'wss:', 'https:'], 62 defaultSrc: ['*', 'data:', REMOTE_SCHEME.WS + ':', REMOTE_SCHEME.HTTP + ':'],
63 fontSrc: ["'self'", 'data:'], 63 fontSrc: ["'self'", 'data:'],
64 frameSrc: ["'none'"], 64 frameSrc: ["'none'"],
65 mediaSrc: ['*', 'https:'], 65 mediaSrc: ['*', REMOTE_SCHEME.HTTP + ':'],
66 objectSrc: ["'none'"], 66 objectSrc: ["'none'"],
67 scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"], 67 scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
68 styleSrc: ["'self'", "'unsafe-inline'"], 68 styleSrc: ["'self'", "'unsafe-inline'"],
69 upgradeInsecureRequests: true 69 upgradeInsecureRequests: false
70 }, 70 },
71 browserSniff: false // assumes a modern browser, but allows CDN in front 71 browserSniff: false // assumes a modern browser, but allows CDN in front
72 }, 72 },