summary refs log tree commit diff
path: root/src/cdn/Server.ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/cdn/Server.ts')
-rw-r--r--src/cdn/Server.ts22
1 files changed, 5 insertions, 17 deletions
diff --git a/src/cdn/Server.ts b/src/cdn/Server.ts

index 255452a0..7cead16d 100644
--- a/src/cdn/Server.ts
+++ b/src/cdn/Server.ts
@@ -43,16 +43,10 @@ export class CDNServer extends Server {
 			// TODO: use better CSP policy
 			res.set(
 				"Content-security-policy",
-				"default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';",
-			);
-			res.set(
-				"Access-Control-Allow-Headers",
-				req.header("Access-Control-Request-Headers") || "*",
-			);
-			res.set(
-				"Access-Control-Allow-Methods",
-				req.header("Access-Control-Request-Methods") || "*",
+				"default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';"
 			);
+			res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*");
+			res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Methods") || "*");
 			next();
 		});
 		this.app.use(bodyParser.json({ inflate: true, limit: "10mb" }));
@@ -95,16 +89,10 @@ export class CDNServer extends Server {
 		this.app.use("/channel-icons/", avatarsRoute);
 		this.log("verbose", "[Server] Route /channel-icons registered");
 
-		this.app.use(
-			"/guilds/:guild_id/users/:user_id/avatars",
-			guildProfilesRoute,
-		);
+		this.app.use("/guilds/:guild_id/users/:user_id/avatars", guildProfilesRoute);
 		this.log("verbose", "[Server] Route /guilds/avatars registered");
 
-		this.app.use(
-			"/guilds/:guild_id/users/:user_id/banners",
-			guildProfilesRoute,
-		);
+		this.app.use("/guilds/:guild_id/users/:user_id/banners", guildProfilesRoute);
 		this.log("verbose", "[Server] Route /guilds/banners registered");
 
 		Sentry.errorHandler(this.app);
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-06-30 22:53:34 +0000