fix(server): use csp to imporve security

9d3448c8 · syuilo · dad6a776 · 9d3448c8 · 9d3448c8 · 9d3448c8
Commit 9d3448c8 authored Aug 24, 2021 by syuilo
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@
 - クライアントのデザインの調整

 ### Bugfixes
+- セキュリティの向上

 ## 12.89.0 (2021/08/21)


--- a/src/server/file/index.ts
+++ b/src/server/file/index.ts
@@ -17,6 +17,10 @@ const _dirname = dirname(_filename);
 // Init app
 const app = new Koa();
 app.use(cors());
+app.use(async (ctx, next) => {
+	ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+	await next();
+});

 // Init router
 const router = new Router();

--- a/src/server/proxy/index.ts
+++ b/src/server/proxy/index.ts
@@ -10,6 +10,10 @@ import { proxyMedia } from './proxy-media';
 // Init app
 const app = new Koa();
 app.use(cors());
+app.use(async (ctx, next) => {
+	ctx.set('Content-Security-Policy', `default-src 'none'; style-src 'unsafe-inline'`);
+	await next();
+});

 // Init router
 const router = new Router();