summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--CHANGELOG.md1
-rw-r--r--src/server/file/index.ts4
-rw-r--r--src/server/proxy/index.ts4
3 files changed, 9 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a3988d02c..5e4fbbf36f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
- クライアントのデザインの調整
### Bugfixes
+- セキュリティの向上
## 12.89.0 (2021/08/21)
diff --git a/src/server/file/index.ts b/src/server/file/index.ts
index 9b5d8f7267..a455acd1cf 100644
--- a/src/server/file/index.ts
+++ b/src/server/file/index.ts
@@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
// Init app
const app = new Koa();
app.use(cors());
+app.use(async (ctx, next) => {
+ ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+ await next();
+});
// Init router
const router = new Router();
diff --git a/src/server/proxy/index.ts b/src/server/proxy/index.ts
index 9ef198d31b..b8993f19f8 100644
--- a/src/server/proxy/index.ts
+++ b/src/server/proxy/index.ts
@@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
// Init app
const app = new Koa();
app.use(cors());
+app.use(async (ctx, next) => {
+ ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+ await next();
+});
// Init router
const router = new Router();
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-08 03:57:43 +0000