mirrors/quetre
1
0
Fork 0
mirror of https://github.com/zyachel/quetre.git synced 2025-04-06 06:27:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: broken layout on Tor instances

Browse source 
added a new flag to optionally disable 'upgrade-insecure'requests' CSP directive which caused the breakage.
This commit is contained in:
uranuspucksaxophone 2022-09-12 16:19:45 +02:00 committed by GitHub
parent e991187f27
commit dfec2b5ebd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.env.example
View file

@ -6,4 +6,6 @@ CACHE_PERIOD=1h # duration for which static files' cached copies are valid in th
#user agent and accept header that quora will see #user agent and accept header that quora will see
#AXIOS_USER_AGENT='axios/0.26.1' #AXIOS_USER_AGENT='axios/0.26.1'
#AXIOS_ACCEPT='application/json, text/plain, */*' #AXIOS_ACCEPT='application/json, text/plain, */*'
# add any value here (e.g.: 1, true, 'por favor') if you're using any service where http is the preferred method, else leave it blank
NO_UPGRADE=

4
app.js
View file

@ -20,10 +20,12 @@ const app = express();
// 1. IMPORTANT MIDDLWARES // 1. IMPORTANT MIDDLWARES
app.use(compression()); // compressing responses app.use(compression()); // compressing responses
app.use( app.use(
helmet({ helmet({
contentSecurityPolicy: { contentSecurityPolicy: {
directives: { directives: {
'script-src': ["'self'", 'cdn.jsdelivr.net'], 'script-src': ["'self'", 'cdn.jsdelivr.net'],
'block-all-mixed-content': null, // deprecated.
'upgrade-insecure-requests': process.env.NO_UPGRADE ? null : [],
}, },
}, },
crossOriginEmbedderPolicy: false, crossOriginEmbedderPolicy: false,