diff options
Diffstat (limited to 'src/cdn/Server.ts')
-rw-r--r-- | src/cdn/Server.ts | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/src/cdn/Server.ts b/src/cdn/Server.ts index 255452a0..7cead16d 100644 --- a/src/cdn/Server.ts +++ b/src/cdn/Server.ts @@ -43,16 +43,10 @@ export class CDNServer extends Server { // TODO: use better CSP policy res.set( "Content-security-policy", - "default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';", - ); - res.set( - "Access-Control-Allow-Headers", - req.header("Access-Control-Request-Headers") || "*", - ); - res.set( - "Access-Control-Allow-Methods", - req.header("Access-Control-Request-Methods") || "*", + "default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';" ); + res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*"); + res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Methods") || "*"); next(); }); this.app.use(bodyParser.json({ inflate: true, limit: "10mb" })); @@ -95,16 +89,10 @@ export class CDNServer extends Server { this.app.use("/channel-icons/", avatarsRoute); this.log("verbose", "[Server] Route /channel-icons registered"); - this.app.use( - "/guilds/:guild_id/users/:user_id/avatars", - guildProfilesRoute, - ); + this.app.use("/guilds/:guild_id/users/:user_id/avatars", guildProfilesRoute); this.log("verbose", "[Server] Route /guilds/avatars registered"); - this.app.use( - "/guilds/:guild_id/users/:user_id/banners", - guildProfilesRoute, - ); + this.app.use("/guilds/:guild_id/users/:user_id/banners", guildProfilesRoute); this.log("verbose", "[Server] Route /guilds/banners registered"); Sentry.errorHandler(this.app); |