mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-31 10:05:54 +03:00
Made HTTPS strict configurable.
This commit is contained in:
parent
8b3de82e6a
commit
6dd4ff69e9
@ -385,7 +385,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
|
||||
obj.db.Set(obj.common.escapeLinksFieldName(mesh));
|
||||
obj.parent.meshes[obj.dbMeshKey] = mesh;
|
||||
|
||||
if (adminUser.links == null) user.links = {};
|
||||
if (adminUser.links == null) adminUser.links = {};
|
||||
adminUser.links[obj.dbMeshKey] = { rights: 0xFFFFFFFF };
|
||||
obj.db.SetUser(adminUser);
|
||||
obj.parent.parent.DispatchEvent(['*', obj.dbMeshKey, adminUser._id], obj, { etype: 'mesh', username: adminUser.name, meshid: obj.dbMeshKey, name: meshname, mtype: 2, desc: '', action: 'createmesh', links: links, msg: 'Mesh created: ' + obj.meshid, domain: domain.id });
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.2.8-g",
|
||||
"version": "0.2.8-i",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
@ -2211,8 +2211,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
// Default headers if TLS is used
|
||||
//headers = { 'Referrer-Policy': 'no-referrer', 'x-frame-options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src https: wss: data: 'self';script-src https: 'unsafe-inline';style-src https: 'unsafe-inline'" };
|
||||
|
||||
// Set Strict-Transport-Security if we are using a trusted certificate or TLS offload.
|
||||
headers = { 'Strict-Transport-Security': 'max-age=31536000;includeSubDomains' };
|
||||
if (typeof obj.args.httpsstrict == 'number') {
|
||||
// Set Strict-Transport-Security if we are using a trusted certificate or TLS offload.
|
||||
headers = { 'Strict-Transport-Security': 'max-age=' + obj.args.httpsstrict + ';includeSubDomains' };
|
||||
}
|
||||
}
|
||||
if (parent.config.settings.accesscontrolalloworigin != null) { headers['Access-Control-Allow-Origin'] = parent.config.settings.accesscontrolalloworigin; }
|
||||
res.set(headers);
|
||||
|
Loading…
Reference in New Issue
Block a user