fix(docker): Disable CSP upgrade insecure requests setting

gafirst · Oct 25, 2023 · d96d80c · d96d80c
1 parent b4073f8
commit d96d80c
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -49,6 +49,7 @@ ci(github): Add automatic release workflow
 docs(readme): Add release instructions
 refactor(server): Move video upload to separate module
 build(docker): Add docker-compose file
+fix(client): Fix bug when uploading videos
 ```
 
 The exact format required is based on the Angular commit message format. See 

diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -0,0 +1,11 @@
+services:
+  match_uploader_dev:
+    build:
+      dockerfile: Dockerfile
+      context: .
+    ports:
+      - 8080:8080
+    volumes:
+      - ./server/settings:/home/node/app/server/settings
+      - ./server/env:/home/node/app/server/env
+      - ./server/videos:/home/node/app/server/videos
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -5,4 +5,5 @@ services:
       - 8080:8080
     volumes:
      - ./server/settings:/home/node/app/server/settings
+     - ./server/env:/home/node/app/server/env
      - ./server/videos:/home/node/app/server/videos
diff --git a/server/package.json b/server/package.json
@@ -38,7 +38,7 @@
     "fast-glob": "^3.3.1",
     "fs-extra": "^11.1.0",
     "google-auth-library": "^8.7.0",
-    "helmet": "^6.0.1",
+    "helmet": "^7.0.0",
     "inserturlparams": "^1.0.1",
     "jet-logger": "^1.3.1",
     "module-alias": "^2.2.2",

diff --git a/server/src/server.ts b/server/src/server.ts
@@ -30,7 +30,13 @@ if (EnvVars.NodeEnv === NodeEnvs.Dev) {
 
 // Security
 if (EnvVars.NodeEnv === NodeEnvs.Production) {
-  app.use(helmet());
+  app.use(helmet({
+    contentSecurityPolicy: {
+      directives: {
+        upgradeInsecureRequests: null,
+      },
+    },
+  }));
 }
 
 // Add APIs, must be after middleware

diff --git a/server/yarn.lock b/server/yarn.lock
@@ -1725,10 +1725,10 @@ has@^1.0.3:
   dependencies:
     function-bind "^1.1.1"
 
-helmet@^6.0.1:
-  version "6.2.0"
-  resolved "https://registry.yarnpkg.com/helmet/-/helmet-6.2.0.tgz#c29d62014be4c70b8ef092c9c5e54c8c26b8e16e"
-  integrity sha512-DWlwuXLLqbrIOltR6tFQXShj/+7Cyp0gLi6uAb8qMdFh/YBBFbKSgQ6nbXmScYd8emMctuthmgIa7tUfo9Rtyg==
+helmet@^7.0.0:
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/helmet/-/helmet-7.0.0.tgz#ac3011ba82fa2467f58075afa58a49427ba6212d"
+  integrity sha512-MsIgYmdBh460ZZ8cJC81q4XJknjG567wzEmv46WOBblDb6TUd3z8/GhgmsM9pn8g2B80tAJ4m5/d3Bi1KrSUBQ==
 
 hexoid@^1.0.0:
   version "1.0.0"