usbharu
/
misskey
mirror of https://github.com/misskey-dev/misskey.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(server): use csp to imporve security

This commit is contained in:
syuilo 2021-08-24 13:08:20 +09:00
parent dad6a77645
commit 9d3448c880
3 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -13,6 +13,7 @@
- クライアントのデザインの調整 - クライアントのデザインの調整
### Bugfixes ### Bugfixes
- セキュリティの向上
## 12.89.0 (2021/08/21) ## 12.89.0 (2021/08/21)

4
src/server/file/index.ts
View File

@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
// Init app // Init app
const app = new Koa(); const app = new Koa();
app.use(cors()); app.use(cors());
app.use(async (ctx, next) => {
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
await next();
});
// Init router // Init router
const router = new Router(); const router = new Router();

4
src/server/proxy/index.ts
View File

@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
// Init app // Init app
const app = new Koa(); const app = new Koa();
app.use(cors()); app.use(cors());
app.use(async (ctx, next) => {
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
await next();
});
// Init router // Init router
const router = new Router(); const router = new Router();