From: Lucien A Date: Wed, 11 Mar 2020 07:46:03 +0000 (+0100) Subject: Fix CSP issue on WebFinger service (#2541) X-Git-Tag: v2.2.0-rc.1~383 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9878d1ac63682ba58ace4cbe8b1878fa77c58acb;p=oweals%2Fpeertube.git Fix CSP issue on WebFinger service (#2541) * Fix CSP issue on WebFinger service WebFinger RFC states that CSP should allow any origin to access WebFinger resources. * Update webfinger.ts --- diff --git a/server/controllers/webfinger.ts b/server/controllers/webfinger.ts index 77c851880..5c308d9ad 100644 --- a/server/controllers/webfinger.ts +++ b/server/controllers/webfinger.ts @@ -1,9 +1,12 @@ +import * as cors from 'cors' import * as express from 'express' import { asyncMiddleware } from '../middlewares' import { webfingerValidator } from '../middlewares/validators' const webfingerRouter = express.Router() +webfingerRouter.use(cors()) + webfingerRouter.get('/.well-known/webfinger', asyncMiddleware(webfingerValidator), webfingerController