more permissions-policy
Some checks failed
Lint / pnpm_install (push) Successful in 1m46s
Test (production install and build) / production (22.11.0) (push) Successful in 1m2s
Publish Docker image / Build (push) Successful in 4m10s
Lint / lint (backend) (push) Successful in 2m32s
Lint / lint (frontend) (push) Successful in 2m7s
Lint / lint (frontend-embed) (push) Successful in 2m4s
Test (backend) / unit (22.11.0) (push) Failing after 7m50s
Lint / lint (frontend-shared) (push) Successful in 2m18s
Lint / lint (misskey-bubble-game) (push) Successful in 2m17s
Lint / lint (misskey-js) (push) Successful in 2m18s
Lint / lint (misskey-reversi) (push) Successful in 2m7s
Lint / lint (sw) (push) Successful in 2m12s
Lint / typecheck (misskey-js) (push) Successful in 1m27s
Lint / typecheck (backend) (push) Successful in 2m9s
Lint / pnpm_install (pull_request) Successful in 1m28s
Lint / typecheck (sw) (push) Successful in 2m7s
Test (production install and build) / production (22.11.0) (pull_request) Successful in 1m8s
Publish Docker image / Build (pull_request) Successful in 4m16s
Lint / lint (backend) (pull_request) Successful in 2m17s
Lint / lint (frontend) (pull_request) Successful in 2m13s
Lint / lint (frontend-embed) (pull_request) Successful in 2m5s
Lint / lint (frontend-shared) (pull_request) Successful in 2m8s
Lint / lint (misskey-bubble-game) (pull_request) Successful in 2m12s
Test (backend) / unit (22.11.0) (pull_request) Failing after 8m10s
Lint / lint (misskey-js) (pull_request) Successful in 2m16s
Lint / lint (misskey-reversi) (pull_request) Successful in 2m29s
Lint / lint (sw) (pull_request) Successful in 2m31s
Lint / typecheck (backend) (pull_request) Successful in 2m5s
Lint / typecheck (misskey-js) (pull_request) Successful in 1m47s
Lint / typecheck (sw) (pull_request) Successful in 2m16s
Some checks failed
Lint / pnpm_install (push) Successful in 1m46s
Test (production install and build) / production (22.11.0) (push) Successful in 1m2s
Publish Docker image / Build (push) Successful in 4m10s
Lint / lint (backend) (push) Successful in 2m32s
Lint / lint (frontend) (push) Successful in 2m7s
Lint / lint (frontend-embed) (push) Successful in 2m4s
Test (backend) / unit (22.11.0) (push) Failing after 7m50s
Lint / lint (frontend-shared) (push) Successful in 2m18s
Lint / lint (misskey-bubble-game) (push) Successful in 2m17s
Lint / lint (misskey-js) (push) Successful in 2m18s
Lint / lint (misskey-reversi) (push) Successful in 2m7s
Lint / lint (sw) (push) Successful in 2m12s
Lint / typecheck (misskey-js) (push) Successful in 1m27s
Lint / typecheck (backend) (push) Successful in 2m9s
Lint / pnpm_install (pull_request) Successful in 1m28s
Lint / typecheck (sw) (push) Successful in 2m7s
Test (production install and build) / production (22.11.0) (pull_request) Successful in 1m8s
Publish Docker image / Build (pull_request) Successful in 4m16s
Lint / lint (backend) (pull_request) Successful in 2m17s
Lint / lint (frontend) (pull_request) Successful in 2m13s
Lint / lint (frontend-embed) (pull_request) Successful in 2m5s
Lint / lint (frontend-shared) (pull_request) Successful in 2m8s
Lint / lint (misskey-bubble-game) (pull_request) Successful in 2m12s
Test (backend) / unit (22.11.0) (pull_request) Failing after 8m10s
Lint / lint (misskey-js) (pull_request) Successful in 2m16s
Lint / lint (misskey-reversi) (pull_request) Successful in 2m29s
Lint / lint (sw) (pull_request) Successful in 2m31s
Lint / typecheck (backend) (pull_request) Successful in 2m5s
Lint / typecheck (misskey-js) (pull_request) Successful in 1m47s
Lint / typecheck (sw) (pull_request) Successful in 2m16s
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
parent
a3a6d2b5ba
commit
1192cffa29
2 changed files with 11 additions and 11 deletions
|
|
@ -278,7 +278,17 @@ export class ServerService implements OnApplicationShutdown {
|
|||
// Other Security/Privacy Headers
|
||||
fastify.addHook('onRequest', (_, reply, done) => {
|
||||
reply.header('x-content-type-options', 'nosniff');
|
||||
reply.header('permissions-policy', 'interest-cohort=()'); // Disable FLoC
|
||||
reply.header('permissions-policy',
|
||||
[
|
||||
'interest-cohort',
|
||||
'encrypted-media',
|
||||
'attribution-reporting',
|
||||
'geolocation', 'microphone', 'camera',
|
||||
'midi', 'payment', 'usb', 'serial',
|
||||
'xr-spatial-tracking'
|
||||
]
|
||||
.map(feature => `${feature}=()`).join(', '));
|
||||
|
||||
if (this.config.browserSandboxing.strictOriginReferrer) {
|
||||
reply.header('referrer-policy', 'strict-origin');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -248,16 +248,6 @@ export class ClientServerService {
|
|||
fastify.addHook('onRequest', makeHstsHook(host, preload));
|
||||
}
|
||||
|
||||
// Other Security/Privacy Headers
|
||||
fastify.addHook('onRequest', (_, reply, done) => {
|
||||
reply.header('x-content-type-options', 'nosniff');
|
||||
reply.header('permissions-policy', 'interest-cohort=()'); // Disable FLoC
|
||||
if (this.config.browserSandboxing.strictOriginReferrer ?? true) {
|
||||
reply.header('referrer-policy', 'strict-origin');
|
||||
}
|
||||
done();
|
||||
});
|
||||
|
||||
// CSP
|
||||
if (process.env.NODE_ENV === 'production') {
|
||||
console.debug('cspPrerenderedContent', this.config.cspPrerenderedContent);
|
||||
|
|
|
|||
Loading…
Reference in a new issue