Diffstat (limited to 'server.ts')
-rw-r--r--server.ts31
1 files changed, 0 insertions, 31 deletions
diff --git a/server.ts b/server.ts
index 1bfec724b..efbfd3c97 100644
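--- a/server.ts
+++ b/server.ts
@@ -53,39 +53,8 @@ app.set('trust proxy', CONFIG.TRUST_PROXY)
 app.use(helmet({
  frameguard: {
  action: 'deny' // we only allow it for /videos/embed, see server/controllers/client.ts
- },
- dnsPrefetchControl: {
- allow: true
- },
- contentSecurityPolicy: {
- directives: {
- defaultSrc: ['*', 'data:', REMOTE_SCHEME.WS + ':', REMOTE_SCHEME.HTTP + ':'],
- fontSrc: ["'self'", 'data:'],
- frameSrc: ["'none'"],
- mediaSrc: ['*', REMOTE_SCHEME.HTTP + ':'],
- objectSrc: ["'none'"],
- scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
- styleSrc: ["'self'", "'unsafe-inline'"],
- upgradeInsecureRequests: false
- },
- browserSniff: false // assumes a modern browser, but allows CDN in front
- },
- referrerPolicy: {
- policy: 'strict-origin-when-cross-origin'
  }
 }))
-app.use((_, res, next) => {
- [
- "vibrate 'none'",
- "geolocation 'none'",
- "camera 'none'",
- "microphone 'none'",
- "magnetometer 'none'",
- "payment 'none'",
- "accelerometer 'none'"
- ].forEach(e => res.append('Feature-Policy', e + ';'))
- next()
-})
 
 // ----------- Database -----------
 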