authorsyuilo <Syuilotan@yahoo.co.jp>2021-08-24 13:08:20 +0900
committersyuilo <Syuilotan@yahoo.co.jp>2021-08-24 13:08:20 +0900
commit9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a (patch)
tree59c2cf87d8495408a35eda8e9b0a8b2d54792a10
parentrefactoring (diff)
downloadmisskey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.tar.gz
misskey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.tar.bz2
misskey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.zip
fix(server): use csp to improve security
-rw-r--r--CHANGELOG.md1
-rw-r--r--src/server/file/index.ts4
-rw-r--r--src/server/proxy/index.ts4
3 files changed, 9 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a3988d02c..5e4fbbf36f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
- クライアントのデザインの調整
### Bugfixes
+- セキュリティの向上
## 12.89.0 (2021/08/21)
diff --git a/src/server/file/index.ts b/src/server/file/index.ts
index 9b5d8f7267..a455acd1cf 100644
--- a/src/server/file/index.ts
+++ b/src/server/file/index.ts
@@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
// Init app
const app = new Koa();
app.use(cors());
+app.use(async (ctx, next) => {
+ ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+ await next();
+});
// Init router
const router = new Router();
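Review bot: The policy string in the added middleware omits the directives that do not fall back to `default-src`: `form-action`, `base-uri` and `sandbox` are unset, so an uploaded HTML or SVG file rendered as a document can still submit forms and is still treated as same-origin with this server. Extending the value to `default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; base-uri 'none'; sandbox` covers that, though `sandbox` should be tested against any type the server displays inline (built-in PDF viewers in particular). The identical string added in src/server/proxy/index.ts needs the same change. Whether `X-Content-Type-Options: nosniff` is set on these responses is not visible in the hunk and is worth confirming alongside the CSP.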
diff --git a/src/server/proxy/index.ts b/src/server/proxy/index.ts
index 9ef198d31b..b8993f19f8 100644
--- a/src/server/proxy/index.ts
+++ b/src/server/proxy/index.ts
@@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
// Init app
const app = new Koa();
app.use(cors());
+app.use(async (ctx, next) => {
+ ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+ await next();
+});
// Init router
const router = new Router();
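Review bot: The added middleware is a byte-for-byte copy of the one in src/server/file/index.ts, so the two policies can drift apart the next time either is edited. Keeping the policy string in one shared module and importing it in both servers, e.g. `ctx.set('Content-Security-Policy', mediaCsp);` (with `mediaCsp` only a suggested name), keeps them in step. A one-line comment above the block would also record the intent, such as `// Responses carry untrusted media: block scripts and subresources if one is rendered as a document`.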