fix(server): use csp to imporve security
This commit is contained in:
parent
dad6a77645
commit
9d3448c880
|
@ -13,6 +13,7 @@
|
||||||
- クライアントのデザインの調整
|
- クライアントのデザインの調整
|
||||||
|
|
||||||
### Bugfixes
|
### Bugfixes
|
||||||
|
- セキュリティの向上
|
||||||
|
|
||||||
## 12.89.0 (2021/08/21)
|
## 12.89.0 (2021/08/21)
|
||||||
|
|
||||||
|
|
|
@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
|
||||||
// Init app
|
// Init app
|
||||||
const app = new Koa();
|
const app = new Koa();
|
||||||
app.use(cors());
|
app.use(cors());
|
||||||
|
app.use(async (ctx, next) => {
|
||||||
|
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
|
||||||
|
await next();
|
||||||
|
});
|
||||||
|
|
||||||
// Init router
|
// Init router
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
|
@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
|
||||||
// Init app
|
// Init app
|
||||||
const app = new Koa();
|
const app = new Koa();
|
||||||
app.use(cors());
|
app.use(cors());
|
||||||
|
app.use(async (ctx, next) => {
|
||||||
|
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
|
||||||
|
await next();
|
||||||
|
});
|
||||||
|
|
||||||
// Init router
|
// Init router
|
||||||
const router = new Router();
|
const router = new Router();
|
||||||
|
|
Loading…
Reference in a new issue