refine the header fixes for chrome to avoid breaking standalone instances

2021-04-15 18:03:13 +05:30 · 2021-04-15 18:03:13 +05:30 · 3a0fe6968d
parent 8aaa44beeb
commit 3a0fe6968d
1 changed files with 9 additions and 1 deletions
--- a/server.js
+++ b/server.js
@ -43,6 +43,7 @@ var canonicalizeOrigin = function (s) {
    }

    if (typeof(config.httpSafeOrigin) !== 'string') {
+        Env.NO_SANDBOX = true;
        if (typeof(config.httpSafePort) !== 'number') {
            config.httpSafePort = config.httpPort + 1;
        }
@ -112,7 +113,14 @@ var setHeaders = (function () {

            // Don't set CSP headers on /api/config because they aren't necessary and they cause problems
            // when duplicated by NGINX in production environments
-            if (/^\/api\/(broadcast|config)/.test(req.url)) { return; }
+            if (/^\/api\/(broadcast|config)/.test(req.url)) {
+                if (!Env.NO_SANDBOX) {
+                    applyHeaderMap(res, {
+                        "Cross-Origin-Resource-Policy": 'cross-origin',
+                    });
+                }
+                return;
+            }
            applyHeaderMap(res, {
                "Cross-Origin-Resource-Policy": 'cross-origin',
            });