|
|
@ -43,6 +43,7 @@ var canonicalizeOrigin = function (s) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if (typeof(config.httpSafeOrigin) !== 'string') {
|
|
|
|
if (typeof(config.httpSafeOrigin) !== 'string') {
|
|
|
|
|
|
|
|
Env.NO_SANDBOX = true;
|
|
|
|
if (typeof(config.httpSafePort) !== 'number') {
|
|
|
|
if (typeof(config.httpSafePort) !== 'number') {
|
|
|
|
config.httpSafePort = config.httpPort + 1;
|
|
|
|
config.httpSafePort = config.httpPort + 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -112,7 +113,14 @@ var setHeaders = (function () {
|
|
|
|
|
|
|
|
|
|
|
|
// Don't set CSP headers on /api/config because they aren't necessary and they cause problems
|
|
|
|
// Don't set CSP headers on /api/config because they aren't necessary and they cause problems
|
|
|
|
// when duplicated by NGINX in production environments
|
|
|
|
// when duplicated by NGINX in production environments
|
|
|
|
if (/^\/api\/(broadcast|config)/.test(req.url)) { return; }
|
|
|
|
if (/^\/api\/(broadcast|config)/.test(req.url)) {
|
|
|
|
|
|
|
|
if (!Env.NO_SANDBOX) {
|
|
|
|
|
|
|
|
applyHeaderMap(res, {
|
|
|
|
|
|
|
|
"Cross-Origin-Resource-Policy": 'cross-origin',
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
}
|
|
|
|
applyHeaderMap(res, {
|
|
|
|
applyHeaderMap(res, {
|
|
|
|
"Cross-Origin-Resource-Policy": 'cross-origin',
|
|
|
|
"Cross-Origin-Resource-Policy": 'cross-origin',
|
|
|
|
});
|
|
|
|
});
|
|
|
|