mirror of
https://github.com/LemmyNet/lemmy-ui.git
synced 2024-11-26 06:11:15 +00:00
split into folder
This commit is contained in:
parent
c8ed02cead
commit
20307a7a24
3 changed files with 28 additions and 22 deletions
|
@ -10,7 +10,8 @@ import SecurityHandler from "./handlers/security-handler";
|
||||||
import ServiceWorkerHandler from "./handlers/service-worker-handler";
|
import ServiceWorkerHandler from "./handlers/service-worker-handler";
|
||||||
import ThemeHandler from "./handlers/theme-handler";
|
import ThemeHandler from "./handlers/theme-handler";
|
||||||
import ThemesListHandler from "./handlers/themes-list-handler";
|
import ThemesListHandler from "./handlers/themes-list-handler";
|
||||||
import { setCacheControl, setDefaultCsp } from "./middleware";
|
import { setCacheControl } from "./middleware/set-cache-control";
|
||||||
|
import { setDefaultCsp } from "./middleware/set-default-csp";
|
||||||
|
|
||||||
const server = express();
|
const server = express();
|
||||||
|
|
||||||
|
|
|
@ -1,20 +1,5 @@
|
||||||
import type { NextFunction, Request, Response } from "express";
|
import type { NextFunction, Request, Response } from "express";
|
||||||
import { hasJwtCookie } from "./utils/has-jwt-cookie";
|
import { hasJwtCookie } from "../utils/has-jwt-cookie";
|
||||||
|
|
||||||
export function setDefaultCsp({
|
|
||||||
res,
|
|
||||||
next,
|
|
||||||
}: {
|
|
||||||
res: Response;
|
|
||||||
next: NextFunction;
|
|
||||||
}) {
|
|
||||||
res.setHeader(
|
|
||||||
"Content-Security-Policy",
|
|
||||||
`default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data:`
|
|
||||||
);
|
|
||||||
|
|
||||||
next();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set cache-control headers. If user is logged in, set `private` to prevent storing data in
|
// Set cache-control headers. If user is logged in, set `private` to prevent storing data in
|
||||||
// shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching
|
// shared caches (eg nginx) and leaking of private data. If user is not logged in, allow caching
|
||||||
|
@ -22,11 +7,15 @@ export function setDefaultCsp({
|
||||||
// interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
|
// interval is rather arbitrary and could be set higher (less server load) or lower (fresher data).
|
||||||
//
|
//
|
||||||
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
|
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
|
||||||
export function setCacheControl(
|
export function setCacheControl({
|
||||||
req: Request,
|
res,
|
||||||
res: Response,
|
req,
|
||||||
next: NextFunction
|
next,
|
||||||
) {
|
}: {
|
||||||
|
res: Response;
|
||||||
|
req: Request;
|
||||||
|
next: NextFunction;
|
||||||
|
}) {
|
||||||
if (process.env.NODE_ENV !== "production") {
|
if (process.env.NODE_ENV !== "production") {
|
||||||
return next();
|
return next();
|
||||||
}
|
}
|
16
src/server/middleware/set-default-csp.ts
Normal file
16
src/server/middleware/set-default-csp.ts
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
import type { NextFunction, Response } from "express";
|
||||||
|
|
||||||
|
export function setDefaultCsp({
|
||||||
|
res,
|
||||||
|
next,
|
||||||
|
}: {
|
||||||
|
res: Response;
|
||||||
|
next: NextFunction;
|
||||||
|
}) {
|
||||||
|
res.setHeader(
|
||||||
|
"Content-Security-Policy",
|
||||||
|
`default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data:`
|
||||||
|
);
|
||||||
|
|
||||||
|
next();
|
||||||
|
}
|
Loading…
Reference in a new issue