Add img-src
and media-src
to Content-Security-Policy
header for files and media proxy (#8188)
* add img-src and media-src to csp in file and media proxy * add csp changes to changelog * sort and remove trailing semicolon
parent
29b33b37ee
commit
380d14f406
3 changed files with 4 additions and 2 deletions
|
@ -47,6 +47,8 @@
|
||||||
|
|
||||||
### Bugfixes
|
### Bugfixes
|
||||||
- アップロードエラー時の処理を修正
|
- アップロードエラー時の処理を修正
|
||||||
|
- Add `img-src` and `media-src` directives to `Content-Security-Policy` for
|
||||||
|
files and media proxy
|
||||||
|
|
||||||
## 12.101.1 (2021/12/29)
|
## 12.101.1 (2021/12/29)
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ const _dirname = dirname(_filename);
|
||||||
const app = new Koa();
|
const app = new Koa();
|
||||||
app.use(cors());
|
app.use(cors());
|
||||||
app.use(async (ctx, next) => {
|
app.use(async (ctx, next) => {
|
||||||
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
|
ctx.set('Content-Security-Policy', `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'`);
|
||||||
await next();
|
await next();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
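Review bot: The policy on the new `ctx.set` line still omits the directives that `default-src` does not fall back to (`base-uri`, `form-action`, `sandbox`), which matters on a server that returns uploaded files from its own origin. If any response here can be rendered as a document (HTML or SVG; the hunk does not show which content types are served), `'self'` now also lets that document load other files on this origin as images or media. I would tighten the header to `default-src 'none'; base-uri 'none'; form-action 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'` and consider adding `sandbox`. The same applies to the identical line in the media proxy section below. A short comment above the call saying why `'self'` is needed, presumably so the browser can display the served image or media itself (confirm against #8188), would keep a later edit from removing it.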
@ -11,7 +11,7 @@ import { proxyMedia } from './proxy-media';
|
||||||
const app = new Koa();
|
const app = new Koa();
|
||||||
app.use(cors());
|
app.use(cors());
|
||||||
app.use(async (ctx, next) => {
|
app.use(async (ctx, next) => {
|
||||||
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
|
ctx.set('Content-Security-Policy', `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'`);
|
||||||
await next();
|
await next();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
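Review bot: The policy string on the new `ctx.set` line is a byte-for-byte copy of the one in the file server section above, so the two headers can drift apart the next time one of them is edited. I would define it once in a module both servers import, for example `export const MEDIA_CSP = "default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'";` (the name is only a suggestion), and call `ctx.set('Content-Security-Policy', MEDIA_CSP);` in both places. The literal has no interpolation, so it does not need to be a template string.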