mirror of
https://iceshrimp.dev/crimekillz/iceshrimp-161sh.git
synced 2024-11-22 04:03:49 +01:00
Add img-src
and media-src
to Content-Security-Policy
header for files and media proxy (#8188)
* add img-src and media-src to csp in file and media proxy * add csp changes to changelog * sort and remove trailing semicolon
This commit is contained in:
parent
07ab5d181b
commit
bfa5657006
@ -47,6 +47,8 @@
|
||||
|
||||
### Bugfixes
|
||||
- アップロードエラー時の処理を修正
|
||||
- Add `img-src` and `media-src` directives to `Content-Security-Policy` for
|
||||
files and media proxy
|
||||
|
||||
## 12.101.1 (2021/12/29)
|
||||
|
||||
|
@ -18,7 +18,7 @@ const _dirname = dirname(_filename);
|
||||
const app = new Koa();
|
||||
app.use(cors());
|
||||
app.use(async (ctx, next) => {
|
||||
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
|
||||
ctx.set('Content-Security-Policy', `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'`);
|
||||
await next();
|
||||
});
|
||||
|
||||
|
@ -11,7 +11,7 @@ import { proxyMedia } from './proxy-media';
|
||||
const app = new Koa();
|
||||
app.use(cors());
|
||||
app.use(async (ctx, next) => {
|
||||
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
|
||||
ctx.set('Content-Security-Policy', `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'`);
|
||||
await next();
|
||||
});
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user