fix(server): use csp to imporve security

2021-08-24 13:08:20 +09:00 · 2021-08-24 13:08:20 +09:00 · 9d3448c880
parent dad6a77645
commit 9d3448c880
3 changed files with 9 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@
 - クライアントのデザインの調整

 ### Bugfixes
+- セキュリティの向上

 ## 12.89.0 (2021/08/21)

--- a/src/server/file/index.ts
+++ b/src/server/file/index.ts
@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
 // Init app
 const app = new Koa();
 app.use(cors());
+app.use(async (ctx, next) => {
+	ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+	await next();
+});

 // Init router
 const router = new Router();
--- a/src/server/proxy/index.ts
+++ b/src/server/proxy/index.ts
@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
 // Init app
 const app = new Koa();
 app.use(cors());
+app.use(async (ctx, next) => {
+	ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+	await next();
+});

 // Init router
 const router = new Router();