yume/yumechi-no-kuni
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request 'more permissions-policy' (#43) from develop into master
Some checks failed
Lint / pnpm_install (push) Successful in 1m36s
Details
Publish Docker image / Build (push) Successful in 4m30s
Details
Test (production install and build) / production (22.11.0) (push) Successful in 1m6s
Details
Test (backend) / unit (22.11.0) (push) Failing after 7m25s
Details
Lint / lint (backend) (push) Successful in 2m22s
Details
Lint / lint (frontend-embed) (push) Successful in 2m9s
Details
Lint / lint (frontend) (push) Successful in 2m40s
Details
Lint / lint (frontend-shared) (push) Successful in 2m24s
Details
Lint / lint (misskey-js) (push) Successful in 2m14s
Details
Lint / lint (misskey-bubble-game) (push) Successful in 2m40s
Details
Lint / lint (misskey-reversi) (push) Successful in 2m33s
Details
Lint / typecheck (backend) (push) Successful in 2m25s
Details
Lint / typecheck (misskey-js) (push) Successful in 1m29s
Details
Lint / lint (sw) (push) Successful in 3m7s
Details
Lint / typecheck (sw) (push) Successful in 2m1s
Details

Browse source 
Reviewed-on: #43
This commit is contained in:
ゆめ 2024-11-24 11:47:08 -06:00
commit b3915f6cec
3 changed files with 12 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
packages/backend/src/server/ServerService.ts
View file

@ -278,7 +278,17 @@ export class ServerService implements OnApplicationShutdown {
// Other Security/Privacy Headers // Other Security/Privacy Headers
fastify.addHook('onRequest', (_, reply, done) => { fastify.addHook('onRequest', (_, reply, done) => {
reply.header('x-content-type-options', 'nosniff'); reply.header('x-content-type-options', 'nosniff');
reply.header('permissions-policy', 'interest-cohort=()'); // Disable FLoC reply.header('permissions-policy',
[
'interest-cohort',
'encrypted-media',
'attribution-reporting',
'geolocation', 'microphone', 'camera',
'midi', 'payment', 'usb', 'serial',
'xr-spatial-tracking'
]
.map(feature => `${feature}=()`).join(', '));
if (this.config.browserSandboxing.strictOriginReferrer) { if (this.config.browserSandboxing.strictOriginReferrer) {
reply.header('referrer-policy', 'strict-origin'); reply.header('referrer-policy', 'strict-origin');
} }

2
packages/backend/src/server/pug-filters.ts
View file

@ -7,6 +7,6 @@ export const commonPugFilters = {
throw new Error('Invalid mimeType'); throw new Error('Invalid mimeType');
} }
const dataURI = `data:${options.mimeType};base64,${Buffer.from(data).toString('base64')}`; const dataURI = `data:${options.mimeType};base64,${Buffer.from(data).toString('base64')}`;
return `<${options.tagName} data="${dataURI}"></${options.tagName}>`; return `<${options.tagName} src="${dataURI}"></${options.tagName}>`;
} }
} as const; } as const;

10
packages/backend/src/server/web/ClientServerService.ts
View file

@ -248,16 +248,6 @@ export class ClientServerService {
fastify.addHook('onRequest', makeHstsHook(host, preload)); fastify.addHook('onRequest', makeHstsHook(host, preload));
} }
// Other Security/Privacy Headers
fastify.addHook('onRequest', (_, reply, done) => {
reply.header('x-content-type-options', 'nosniff');
reply.header('permissions-policy', 'interest-cohort=()'); // Disable FLoC
if (this.config.browserSandboxing.strictOriginReferrer ?? true) {
reply.header('referrer-policy', 'strict-origin');
}
done();
});
// CSP // CSP
if (process.env.NODE_ENV === 'production') { if (process.env.NODE_ENV === 'production') {
console.debug('cspPrerenderedContent', this.config.cspPrerenderedContent); console.debug('cspPrerenderedContent', this.config.cspPrerenderedContent);