fix(server): use csp to imporve security
This commit is contained in:
parent
dad6a77645
commit
9d3448c880
3 changed files with 9 additions and 0 deletions
|
@ -13,6 +13,7 @@
|
|||
- クライアントのデザインの調整
|
||||
|
||||
### Bugfixes
|
||||
- セキュリティの向上
|
||||
|
||||
## 12.89.0 (2021/08/21)
|
||||
|
||||
|
|
|
@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
|
|||
// Init app
|
||||
const app = new Koa();
|
||||
app.use(cors());
|
||||
app.use(async (ctx, next) => {
|
||||
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
|
||||
await next();
|
||||
});
|
||||
|
||||
// Init router
|
||||
const router = new Router();
|
||||
|
|
|
@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
|
|||
// Init app
|
||||
const app = new Koa();
|
||||
app.use(cors());
|
||||
app.use(async (ctx, next) => {
|
||||
ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
|
||||
await next();
|
||||
});
|
||||
|
||||
// Init router
|
||||
const router = new Router();
|
||||
|
|
Loading…
Reference in a new issue