From 6bd0848a0be2b04dec2d7fdc7bc30adedb51101e Mon Sep 17 00:00:00 2001
From: "zyn on thu.closed.social"
Date: Mon, 30 Dec 2019 17:00:43 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9frame=E8=A7=84=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/javascript/mastodon/components/media_gallery.js | 3 +--
 config/environments/production.rb | 4 ++--
 config/initializers/content_security_policy.rb | 2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/app/javascript/mastodon/components/media_gallery.js b/app/javascript/mastodon/components/media_gallery.js
index e9789678ba..d306fe1eee 100644
--- a/app/javascript/mastodon/components/media_gallery.js
+++ b/app/javascript/mastodon/components/media_gallery.js
@@ -187,8 +187,7 @@ class Item extends React.PureComponent {
 )
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 29d6194dda..b7cee161ec 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -104,8 +104,8 @@ Rails.application.configure do
 config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
 config.action_dispatch.default_headers = {
- 'Server' => 'Mastodon',
- 'X-Frame-Options' => 'DENY',
+ 'Server' => 'ClosedSocial',
+ 'X-Frame-Options' => 'SAMEORIGIN',
 'X-Content-Type-Options' => 'nosniff',
 'X-XSS-Protection' => '1; mode=block',
 }
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index af7d16aafc..4a10e98b96 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
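Review bot: `'X-Frame-Options' => 'SAMEORIGIN'` does not express the same policy as the `frame_ancestors` list this commit sets in config/initializers/content_security_policy.rb (`*.closed.social`, `closed.social`): browsers that implement CSP `frame-ancestors` ignore X-Frame-Options when both headers are present, and browsers that do not will fall back to SAMEORIGIN, which still refuses framing from any other closed.social subdomain. So the relaxation from `DENY` is either moot or not enough for the cross-subdomain embedding the commit appears to enable; if such embedding is not actually required, `DENY` is the safer value to keep. Whichever is intended, a comment above the header such as `# Legacy fallback only; the effective framing policy is CSP frame-ancestors (see config/initializers/content_security_policy.rb)` would keep the two from drifting apart again. The default_headers hash sits inside the `Rails.application.configure do` block, which continues outside the hunk.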
@@ -19,7 +19,7 @@ media_host ||= assets_host
 Rails.application.config.content_security_policy do |p|
 p.base_uri :none
 p.default_src :none
- p.frame_ancestors :none
+ p.frame_ancestors '*.closed.social', 'closed.social'
 p.font_src :self, assets_host
 p.img_src :self, :https, :data, :blob, assets_host
 p.style_src :self, :unsafe_inline, assets_host
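Review bot: `p.frame_ancestors '*.closed.social', 'closed.social'` allows every host under closed.social to frame the application, so any subdomain that can serve attacker-influenced HTML (user-provided content, a forgotten or dangling DNS record) regains the clickjacking surface that `:none` ruled out. Unless wildcard embedding is a hard requirement, enumerate the hosts that actually need to embed, e.g. `p.frame_ancestors 'closed.social', 'https://<embedding-host>'` (placeholder host), and add a comment naming the feature that needs it so the entry can be retired later. Writing the sources with an explicit `https://` scheme also makes the intent unambiguous, since a bare host-source in CSP is matched against the page's own scheme. The `Rails.application.config.content_security_policy do |p|` block continues past the end of the hunk, and this value should be kept in step with the X-Frame-Options header set in config/environments/production.rb.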