summary refs log tree commit diff
path: root/src/Server.ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/Server.ts')
-rw-r--r--src/Server.ts11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/Server.ts b/src/Server.ts

index f79437d5..f876a719 100644
--- a/src/Server.ts
+++ b/src/Server.ts
@@ -18,6 +18,17 @@ export class CDNServer extends Server {
 		await (db as Promise<Connection>);
 		await Config.init();
 		console.log("[Database] connected");
+		this.app.use((req, res, next) => {
+			res.set("Access-Control-Allow-Origin", "*");
+			// TODO: use better CSP policy
+			res.set(
+				"Content-security-policy",
+				"default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';"
+			);
+			res.set("Access-Control-Allow-Headers", req.header("Access-Control-Request-Headers") || "*");
+			res.set("Access-Control-Allow-Methods", req.header("Access-Control-Request-Methods") || "*");
+			next();
+		});
 
 		await this.registerRoutes(path.join(__dirname, "routes/"));
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-08 10:43:45 +0000