LemmyNet/lemmy-ui
2
0
Fork 0
mirror of https://github.com/LemmyNet/lemmy-ui.git synced 2024-11-22 12:21:13 +00:00
Code Issues Projects Releases Wiki Activity

split into folder

Browse source
This commit is contained in:
Alec Armbruster 2023-06-30 10:18:09 -04:00
parent c8ed02cead
commit 20307a7a24
No known key found for this signature in database
GPG key ID: 52BC7C84E960FD1B
3 changed files with 28 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/server/index.tsx
View file

@ -10,7 +10,8 @@ import SecurityHandler from "./handlers/security-handler";
import ServiceWorkerHandler from "./handlers/service-worker-handler"; import ServiceWorkerHandler from "./handlers/service-worker-handler";
import ThemeHandler from "./handlers/theme-handler"; import ThemeHandler from "./handlers/theme-handler";
import ThemesListHandler from "./handlers/themes-list-handler"; import ThemesListHandler from "./handlers/themes-list-handler";
import { setCacheControl, setDefaultCsp } from "./middleware"; import { setCacheControl } from "./middleware/set-cache-control";
import { setDefaultCsp } from "./middleware/set-default-csp";
const server = express(); const server = express();

31
src/server/middleware.ts → src/server/middleware/set-cache-control.ts
View file

@ -1,20 +1,5 @@
import type { NextFunction, Request, Response } from "express"; import type { NextFunction, Request, Response } from "express";
import { hasJwtCookie } from "./utils/has-jwt-cookie"; import { hasJwtCookie } from "../utils/has-jwt-cookie";
export function setDefaultCsp({
res,
next,
}: {
res: Response;
next: NextFunction;
}) {
res.setHeader(
"Content-Security-Policy",
`default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data:`
);
next();
}
// Set cache-control headers. If user is logged in, set `private` to prevent storing data in // Set cache-control headers. If user is logged in, set `private` to prevent storing data in
// shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching // shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching
@ -22,11 +7,15 @@ export function setDefaultCsp({
// interval is rather arbitrary and could be set higher (less server load) or lower (fresher data). // interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
// //
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
export function setCacheControl( export function setCacheControl({
req: Request, res,
res: Response, req,
next: NextFunction next,
) { }: {
res: Response;
req: Request;
next: NextFunction;
}) {
if (process.env.NODE_ENV !== "production") { if (process.env.NODE_ENV !== "production") {
return next(); return next();
} }

16
src/server/middleware/set-default-csp.ts Normal file
View file

@ -0,0 +1,16 @@
import type { NextFunction, Response } from "express";
export function setDefaultCsp({
res,
next,
}: {
res: Response;
next: NextFunction;
}) {
res.setHeader(
"Content-Security-Policy",
`default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data:`
);
next();
}