mirror of
https://github.com/spacebarchat/server.git
synced 2024-11-22 10:22:39 +01:00
Stop sending X-Powered-By & share CORS/BodyParser
This commit is contained in:
TomatoCake
parent
3a63ae89cc
commit
342ef1b20f
@ -98,6 +98,7 @@ export class SpacebarServer extends Server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
this.app.set("json replacer", JSONReplacer);
|
this.app.set("json replacer", JSONReplacer);
|
||||||
|
this.app.disable("x-powered-by");
|
||||||
|
|
||||||
this.app.use(CORS);
|
this.app.use(CORS);
|
||||||
this.app.use(BodyParser({ inflate: true, limit: "10mb" }));
|
this.app.use(BodyParser({ inflate: true, limit: "10mb" }));
|
||||||
|
|||||||
@ -22,7 +22,8 @@ import path from "path";
|
|||||||
import avatarsRoute from "./routes/avatars";
|
import avatarsRoute from "./routes/avatars";
|
||||||
import guildProfilesRoute from "./routes/guild-profiles";
|
import guildProfilesRoute from "./routes/guild-profiles";
|
||||||
import iconsRoute from "./routes/role-icons";
|
import iconsRoute from "./routes/role-icons";
|
||||||
import bodyParser from "body-parser";
|
import { CORS } from "../api/middlewares/CORS";
|
||||||
|
import { BodyParser } from "../api/middlewares/BodyParser";
|
||||||
|
|
||||||
export type CDNServerOptions = ServerOptions;
|
export type CDNServerOptions = ServerOptions;
|
||||||
|
|
||||||
@ -38,24 +39,10 @@ export class CDNServer extends Server {
|
|||||||
await Config.init();
|
await Config.init();
|
||||||
await Sentry.init(this.app);
|
await Sentry.init(this.app);
|
||||||
|
|
||||||
this.app.use((req, res, next) => {
|
this.app.disable("x-powered-by");
|
||||||
res.set("Access-Control-Allow-Origin", "*");
|
|
||||||
// TODO: use better CSP policy
|
this.app.use(CORS);
|
||||||
res.set(
|
this.app.use(BodyParser({ inflate: true, limit: "10mb" }));
|
||||||
"Content-security-policy",
|
|
||||||
"default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';",
|
|
||||||
);
|
|
||||||
res.set(
|
|
||||||
"Access-Control-Allow-Headers",
|
|
||||||
req.header("Access-Control-Request-Headers") || "*",
|
|
||||||
);
|
|
||||||
res.set(
|
|
||||||
"Access-Control-Allow-Methods",
|
|
||||||
req.header("Access-Control-Request-Methods") || "*",
|
|
||||||
);
|
|
||||||
next();
|
|
||||||
});
|
|
||||||
this.app.use(bodyParser.json({ inflate: true, limit: "10mb" }));
|
|
||||||
|
|
||||||
await registerRoutes(this, path.join(__dirname, "routes/"));
|
await registerRoutes(this, path.join(__dirname, "routes/"));
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user