Add very bad Content-Security-Policy
hobinjk-ptc committed Sep 24, 2024
1 parent d29cd20 commit f9f508c
Showing 2 changed files with 10 additions and 0 deletions.
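--- a/libraries/LocalUIApp.js
+++ b/libraries/LocalUIApp.js
@@ -34,6 +34,11 @@ class LocalUIApp {
 this.loadResources();
 
 this.app.use(cors());
+this.app.use((req, res, next) => {
+res.setHeader('Content-Security-Policy', `default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' blob: *; style-src 'self' *; frame-src 'self' *;`);
+next();
+});
+
 this.app.use('/addons/sources', (req, res) => {
 res.send(this.sources);
 });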
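Review bot: The header set in the new middleware gives no script-injection protection, because `script-src 'self' 'unsafe-inline' 'unsafe-eval' *` permits inline script, eval and script from any host, and nothing in the code marks the policy as a placeholder. What it does restrict looks incidental: `*` does not match `data:` or `blob:` URLs and `style-src 'self' *` omits `'unsafe-inline'`, so inline styles and data: images may be blocked in the UI. `base-uri`, `form-action` and `frame-ancestors` do not fall back to `default-src` and are left unset. I would add a comment such as `// TODO: placeholder CSP, allows any script source; remove '*' and 'unsafe-eval' from script-src` and define the policy string once, since the identical literal is repeated in the server.js hunk. The enclosing method starts and ends outside this hunk.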
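--- a/server.js
+++ b/server.js
@@ -368,6 +368,11 @@ var cheerio = require('cheerio');
 // allow requests from all origins. TODO make it dependent on the local network. this is important for security
 webServer.use(cors());
 
+webServer.use((req, res, next) => {
+res.setHeader('Content-Security-Policy', `default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' blob: *; style-src 'self' *; frame-src 'self' *;`);
+next();
+});
+
 // Image resizing library, not available on mobile
 let Jimp = null;
 if (!isLightweightMobile) {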
