From 9d3448c880c0b2b3fec2f8acf68cf4cc472ee81a Mon Sep 17 00:00:00 2001
From: syuilo <Syuilotan@yahoo.co.jp>
Date: Tue, 24 Aug 2021 13:08:20 +0900
Subject: [PATCH] fix(server): use csp to imporve security

---
 CHANGELOG.md              | 1 +
 src/server/file/index.ts  | 4 ++++
 src/server/proxy/index.ts | 4 ++++
 3 files changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a3988d02..5e4fbbf36 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
 - クライアントのデザインの調整
 
 ### Bugfixes
+- セキュリティの向上
 
 ## 12.89.0 (2021/08/21)
 
diff --git a/src/server/file/index.ts b/src/server/file/index.ts
index 9b5d8f726..a455acd1c 100644
--- a/src/server/file/index.ts
+++ b/src/server/file/index.ts
@@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
 // Init app
 const app = new Koa();
 app.use(cors());
+app.use(async (ctx, next) => {
+	ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+	await next();
+});
 
 // Init router
 const router = new Router();
diff --git a/src/server/proxy/index.ts b/src/server/proxy/index.ts
index 9ef198d31..b8993f19f 100644
--- a/src/server/proxy/index.ts
+++ b/src/server/proxy/index.ts
@@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
 // Init app
 const app = new Koa();
 app.use(cors());
+app.use(async (ctx, next) => {
+	ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+	await next();
+});
 
 // Init router
 const router = new Router();