fix(server): use csp to imporve security

author: syuilo <Syuilotan@yahoo.co.jp> 2021-08-24 13:08:20 +0900
committer: syuilo <Syuilotan@yahoo.co.jp> 2021-08-24 13:08:20 +0900
commit: 9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a (patch)
tree: 59c2cf87d8495408a35eda8e9b0a8b2d54792a10 /src/server
parent: refactoring (diff)
download: sharkey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.tar.gz
sharkey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.tar.bz2
sharkey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.zip
2 files changed, 8 insertions, 0 deletions
diff --git a/src/server/file/index.ts b/src/server/file/index.ts
index 9b5d8f7267..a455acd1cf 100644
--- a/src/server/file/index.ts
+++ b/src/server/file/index.ts
@@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
 // Init app
 const app = new Koa();
 app.use(cors());
+app.use(async (ctx, next) => {
+	ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+	await next();
+});
 
 // Init router
 const router = new Router();
diff --git a/src/server/proxy/index.ts b/src/server/proxy/index.ts
index 9ef198d31b..b8993f19f8 100644
--- a/src/server/proxy/index.ts
+++ b/src/server/proxy/index.ts
@@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
 // Init app
 const app = new Koa();
 app.use(cors());
+app.use(async (ctx, next) => {
+	ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+	await next();
+});
 
 // Init router
 const router = new Router();
author	syuilo <Syuilotan@yahoo.co.jp>	2021-08-24 13:08:20 +0900
committer	syuilo <Syuilotan@yahoo.co.jp>	2021-08-24 13:08:20 +0900
commit	9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a (patch)
tree	59c2cf87d8495408a35eda8e9b0a8b2d54792a10 /src/server
parent	refactoring (diff)
download	sharkey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.tar.gz sharkey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.tar.bz2 sharkey-9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a.zip