closes #3899
@@ -71,18 +71,7 @@ module.exports = function(app) {
|
|||||||
saveUninitialized: true
|
saveUninitialized: true
|
||||||
}));
|
}));
|
||||||
|
|
||||||
app.use(function (req, res, next) {
|
app.use(middleware.addHeaders);
|
||||||
res.setHeader('X-Powered-By', 'NodeBB');
|
|
||||||
|
|
||||||
if (meta.config['allow-from-uri']) {
|
|
||||||
res.setHeader('X-Frame-Options', 'ALLOW-FROM ' + meta.config['allow-from-uri']);
|
|
||||||
} else {
|
|
||||||
res.setHeader('X-Frame-Options', 'SAMEORIGIN');
|
|
||||||
}
|
|
||||||
|
|
||||||
next();
|
|
||||||
});
|
|
||||||
|
|
||||||
app.use(middleware.processRender);
|
app.use(middleware.processRender);
|
||||||
auth.initialize(app, middleware);
|
auth.initialize(app, middleware);
|
||||||
|
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ var app,
|
|||||||
async = require('async'),
|
async = require('async'),
|
||||||
path = require('path'),
|
path = require('path'),
|
||||||
csrf = require('csurf'),
|
csrf = require('csurf'),
|
||||||
|
_ = require('underscore'),
|
||||||
|
|
||||||
validator = require('validator'),
|
validator = require('validator'),
|
||||||
nconf = require('nconf'),
|
nconf = require('nconf'),
|
||||||
@@ -64,6 +65,30 @@ middleware.pageView = function(req, res, next) {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
middleware.addHeaders = function (req, res, next) {
|
||||||
|
var defaults = {
|
||||||
|
'X-Powered-By': 'NodeBB',
|
||||||
|
'X-Frame-Options': 'SAMEORIGIN',
|
||||||
|
'Access-Control-Allow-Origin': 'null' // yes, string null.
|
||||||
|
};
|
||||||
|
var headers = {
|
||||||
|
'X-Powered-By': meta.config['powered-by'],
|
||||||
|
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + meta.config['allow-from-uri'] : undefined,
|
||||||
|
'Access-Control-Allow-Origin': meta.config['access-control-allow-origin'],
|
||||||
|
'Access-Control-Allow-Methods': meta.config['access-control-allow-methods'],
|
||||||
|
'Access-Control-Allow-Headers': meta.config['access-control-allow-headers']
|
||||||
|
};
|
||||||
|
|
||||||
|
_.defaults(headers, defaults);
|
||||||
|
headers = _.pick(headers, Boolean); // Remove falsy headers
|
||||||
|
|
||||||
|
for(var key in headers) {
|
||||||
|
res.setHeader(key, headers[key]);
|
||||||
|
}
|
||||||
|
|
||||||
|
next();
|
||||||
|
};
|
||||||
|
|
||||||
middleware.pluginHooks = function(req, res, next) {
|
middleware.pluginHooks = function(req, res, next) {
|
||||||
async.each(plugins.loadedHooks['filter:router.page'] || [], function(hookObj, next) {
|
async.each(plugins.loadedHooks['filter:router.page'] || [], function(hookObj, next) {
|
||||||
hookObj.method(req, res, next);
|
hookObj.method(req, res, next);
|
||||||
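Review bot: The `'Access-Control-Allow-Origin': 'null'` entry in the `defaults` object of `middleware.addHeaders` does not deny cross-origin access, because sandboxed iframes and `data:`/`file:` documents serialise their origin as the string `null` and are therefore treated as the allowed origin. `_.defaults` fills only keys that are `undefined`, so every install that has never saved this setting sends that header. Removing the entry from `defaults` lets the `_.pick(headers, Boolean)` step drop the header entirely, and omitting it is what actually denies cross-origin reads. The admin template in this commit repeats the assumption in its help text ("leave empty or set to `null`") and in the input's `value="null"`, so both should change with it.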
|
|||||||
@@ -23,13 +23,40 @@
|
|||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm-2 col-xs-12 settings-header">Domain Settings</div>
|
<div class="col-sm-2 col-xs-12 settings-header">Headers</div>
|
||||||
<div class="col-sm-10 col-xs-12">
|
<div class="col-sm-10 col-xs-12">
|
||||||
<form>
|
<form>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="allow-from-uri">Set ALLOW-FROM to Place NodeBB in an iFrame:</label>
|
<label for="allow-from-uri">Set ALLOW-FROM to Place NodeBB in an iFrame</label>
|
||||||
<input class="form-control" id="allow-from-uri" type="text" placeholder="external-domain.com" data-field="allow-from-uri" /><br />
|
<input class="form-control" id="allow-from-uri" type="text" placeholder="external-domain.com" data-field="allow-from-uri" /><br />
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="powered-by">Customise the "Powered By" header sent by NodeBB</label>
|
||||||
|
<input class="form-control" id="powered-by" type="text" placeholder="NodeBB" data-field="powered-by" /><br />
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="access-control-allow-origin">Access-Control-Allow-Origin</label>
|
||||||
|
<input class="form-control" id="access-control-allow-origin" type="text" placeholder="null" value="null" data-field="access-control-allow-origin" /><br />
|
||||||
|
<p class="help-block">
|
||||||
|
To deny access to all sites, leave empty or set to <code>null</code>
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="access-control-allow-methods">Access-Control-Allow-Methods</label>
|
||||||
|
<input class="form-control" id="access-control-allow-methods" type="text" placeholder="" data-field="access-control-allow-methods" /><br />
|
||||||
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="access-control-allow-headers">Access-Control-Allow-Headers</label>
|
||||||
|
<input class="form-control" id="access-control-allow-headers" type="text" placeholder="" data-field="access-control-allow-headers" /><br />
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-sm-2 col-xs-12 settings-header">Cookies</div>
|
||||||
|
<div class="col-sm-10 col-xs-12">
|
||||||
|
<form>
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="cookieDomain">Set domain for session cookie</label>
|
<label for="cookieDomain">Set domain for session cookie</label>
|
||||||
<input class="form-control" id="cookieDomain" type="text" placeholder=".domain.tld" data-field="cookieDomain" /><br />
|
<input class="form-control" id="cookieDomain" type="text" placeholder=".domain.tld" data-field="cookieDomain" /><br />
|
||||||
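Review bot: The `allow-from-uri` field gives no hint that `X-Frame-Options: ALLOW-FROM` is an obsolete directive that several browsers never implemented. A browser that does not recognise it ignores the header, so filling in this field replaces the `SAMEORIGIN` default with no framing restriction at all for those users. A help block under the input would make that visible, for example `<p class="help-block">ALLOW-FROM is not honoured by all browsers; where it is ignored, NodeBB can be framed by any site.</p>`. The placeholder `external-domain.com` also suggests a bare host, while the directive takes an origin including the scheme. A `Content-Security-Policy: frame-ancestors` header is the supported way to allow one framing origin, though that would be a change to the middleware rather than to this template.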
|
|||||||