Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-06 14:05:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #5574

Browse Source
This commit is contained in:
psychobunny
2017-04-06 17:56:54 -04:00
parent 5c005bbbdf
commit e121a5a798
3 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/language/en-GB/admin/settings/advanced.json
View File

@@ -6,7 +6,7 @@
"headers.allow-from": "Set ALLOW-FROM to Place NodeBB in an iFrame", "headers.allow-from": "Set ALLOW-FROM to Place NodeBB in an iFrame",
"headers.powered-by": "Customise the \"Powered By\" header sent by NodeBB", "headers.powered-by": "Customise the \"Powered By\" header sent by NodeBB",
"headers.acao": "Access-Control-Allow-Origin", "headers.acao": "Access-Control-Allow-Origin",
"headers.acao-help": "To deny access to all sites, leave empty or set to <code>null</code>", "headers.acao-help": "To deny access to all sites, leave empty",
"headers.acam": "Access-Control-Allow-Methods", "headers.acam": "Access-Control-Allow-Methods",
"headers.acah": "Access-Control-Allow-Headers", "headers.acah": "Access-Control-Allow-Headers",
"traffic-management": "Traffic Management", "traffic-management": "Traffic Management",

5
src/middleware/headers.js
View File

@@ -7,11 +7,14 @@ module.exports = function (middleware) {
var headers = { var headers = {
'X-Powered-By': encodeURI(meta.config['powered-by'] || 'NodeBB'), 'X-Powered-By': encodeURI(meta.config['powered-by'] || 'NodeBB'),
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN', 'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
'Access-Control-Allow-Origin': encodeURI(meta.config['access-control-allow-origin'] || 'null'),
'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''), 'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''),
'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''), 'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''),
}; };
if (meta.config['access-control-allow-origin']) {
headers['Access-Control-Allow-Origin'] = encodeURI(meta.config['access-control-allow-origin']);
}
for (var key in headers) { for (var key in headers) {
if (headers.hasOwnProperty(key) && headers[key]) { if (headers.hasOwnProperty(key) && headers[key]) {
res.setHeader(key, headers[key]); res.setHeader(key, headers[key]);

2
src/views/admin/settings/advanced.tpl
View File

@@ -35,7 +35,7 @@
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="access-control-allow-origin">[[admin/settings/advanced:headers.acao]]</label> <label for="access-control-allow-origin">[[admin/settings/advanced:headers.acao]]</label>
<input class="form-control" id="access-control-allow-origin" type="text" placeholder="null" value="null" data-field="access-control-allow-origin" /><br /> <input class="form-control" id="access-control-allow-origin" type="text" placeholder="" value="" data-field="access-control-allow-origin" /><br />
<p class="help-block"> <p class="help-block">
[[admin/settings/advanced:headers.acao-help]] [[admin/settings/advanced:headers.acao-help]]
</p> </p>