From: Lucien A <lu.aubert84@gmail.com>
Date: Wed, 11 Mar 2020 07:46:03 +0000 (+0100)
Subject: Fix CSP issue on WebFinger service (#2541)
X-Git-Tag: v2.2.0-rc.1~383
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9878d1ac63682ba58ace4cbe8b1878fa77c58acb;p=oweals%2Fpeertube.git

Fix CSP issue on WebFinger service (#2541)

* Fix CSP issue on WebFinger service

WebFinger RFC states that CSP should allow any origin to access WebFinger resources.

* Update webfinger.ts
---

diff --git a/server/controllers/webfinger.ts b/server/controllers/webfinger.ts
index 77c851880..5c308d9ad 100644
--- a/server/controllers/webfinger.ts
+++ b/server/controllers/webfinger.ts
@@ -1,9 +1,12 @@
+import * as cors from 'cors'
 import * as express from 'express'
 import { asyncMiddleware } from '../middlewares'
 import { webfingerValidator } from '../middlewares/validators'
 
 const webfingerRouter = express.Router()
 
+webfingerRouter.use(cors())
+
 webfingerRouter.get('/.well-known/webfinger',
   asyncMiddleware(webfingerValidator),
   webfingerController