hcengineering/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2024-12-23 19:44:59 +03:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

fix: configure csp (#7206)

Browse Source 
Signed-off-by: Alexander Onnikov <Alexander.Onnikov@xored.com>
This commit is contained in:
Alexander Onnikov 2024-11-20 23:47:26 +07:00 committed by GitHub
parent 130eb2dec0
commit 872c148288
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/front/src/index.ts
View File

@ -113,6 +113,7 @@ async function getFileRange (
'Accept-Ranges': 'bytes',
'Content-Length': end - start + 1,
'Content-Type': stat.contentType,
'Content-Security-Policy': "default-src 'none';",
Etag: stat.etag,
'Last-Modified': new Date(stat.modifiedOn).toISOString()
})
@ -202,6 +203,7 @@ async function getFile (
const dataStream = await ctx.with('readable', {}, (ctx) => client.get(ctx, workspace, stat._id))
res.writeHead(200, {
'Content-Type': stat.contentType,
'Content-Security-Policy': "default-src 'none';",
Etag: stat.etag,
'Last-Modified': new Date(stat.modifiedOn).toISOString(),
'Cache-Control': cacheControlValue,
@ -414,6 +416,7 @@ export function start (
res.writeHead(200, {
'accept-ranges': 'bytes',
'content-length': blobInfo.size,
'content-security-policy': "default-src 'none';",
Etag: blobInfo.etag,
'Last-Modified': new Date(blobInfo.modifiedOn).toISOString()
})

2
workers/datalake/src/blob.ts
View File

@ -291,6 +291,7 @@ function r2MetadataHeaders (head: R2Object): Headers {
'Accept-Ranges': 'bytes',
'Content-Length': head.size.toString(),
'Content-Type': head.httpMetadata.contentType ?? '',
'Content-Security-Policy': "default-src 'none';",
'Cache-Control': head.httpMetadata.cacheControl ?? cacheControl,
'Last-Modified': head.uploaded.toUTCString(),
ETag: head.httpEtag
@ -298,6 +299,7 @@ function r2MetadataHeaders (head: R2Object): Headers {
: new Headers({
'Accept-Ranges': 'bytes',
'Content-Length': head.size.toString(),
'Content-Security-Policy': "default-src 'none';",
'Cache-Control': cacheControl,
'Last-Modified': head.uploaded.toUTCString(),
ETag: head.httpEtag