Skip to content
Snippets Groups Projects
Commit 9d3448c8 authored by syuilo's avatar syuilo
Browse files

fix(server): use csp to imporve security

parent dad6a776
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
CHANGELOG.md
+ 1
0
View file @ 9d3448c8
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
- クライアントのデザインの調整 - クライアントのデザインの調整
### Bugfixes ### Bugfixes
- セキュリティの向上
## 12.89.0 (2021/08/21) ## 12.89.0 (2021/08/21)
......
src/server/file/index.ts
+ 4
0
View file @ 9d3448c8
...@@ -17,6 +17,10 @@ const _dirname = dirname(_filename); ...@@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
// Init app // Init app
const app = new Koa(); const app = new Koa();
app.use(cors()); app.use(cors());
app.use(async (ctx, next) => {
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
await next();
});
// Init router // Init router
const router = new Router(); const router = new Router();
......
src/server/proxy/index.ts
+ 4
0
View file @ 9d3448c8
...@@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media'; ...@@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
// Init app // Init app
const app = new Koa(); const app = new Koa();
app.use(cors()); app.use(cors());
app.use(async (ctx, next) => {
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
await next();
});
// Init router // Init router
const router = new Router(); const router = new Router();
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment