This commit is contained in:
Chocobozzz 2018-07-17 18:44:47 +02:00
parent b54431049b
commit 57bf30a984
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
1 changed files with 4 additions and 4 deletions

View File

@ -27,7 +27,7 @@ import { checkMissedConfig, checkFFmpeg, checkConfig, checkActivityPubUrls } fro
// Do not use barrels because we don't want to load all modules here (we need to initialize database first)
import { logger } from './server/helpers/logger'
import { API_VERSION, CONFIG, STATIC_PATHS, CACHE } from './server/initializers/constants'
import { API_VERSION, CONFIG, STATIC_PATHS, CACHE, REMOTE_SCHEME } from './server/initializers/constants'
const missed = checkMissedConfig()
if (missed.length !== 0) {
@ -59,14 +59,14 @@ app.use(helmet({
},
contentSecurityPolicy: {
directives: {
defaultSrc: ['*', 'data:', 'wss:', 'https:'],
defaultSrc: ['*', 'data:', REMOTE_SCHEME.WS + ':', REMOTE_SCHEME.HTTP + ':'],
fontSrc: ["'self'", 'data:'],
frameSrc: ["'none'"],
mediaSrc: ['*', 'https:'],
mediaSrc: ['*', REMOTE_SCHEME.HTTP + ':'],
objectSrc: ["'none'"],
scriptSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
styleSrc: ["'self'", "'unsafe-inline'"],
upgradeInsecureRequests: true
upgradeInsecureRequests: false
},
browserSniff: false // assumes a modern browser, but allows CDN in front
},