Add x-powered-by header

Chocobozzz 2023-02-27 09:22:59 +01:00
parent 357308ce22
commit 4765348107
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
6 changed files with 24 additions and 5 deletions


@ -288,6 +288,11 @@ security:
frameguard:
enabled: true
# Set x-powered-by HTTP header to "PeerTube"
# Can help remote software to know this is a PeerTube instance
powered_by_header:
enabled: true
tracker:
# If you disable the tracker, you disable the P2P on your PeerTube instance
enabled: true
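Review bot: The comment above `powered_by_header` states only the benefit, while the option ships enabled and makes every response identify the software to any client, not just cooperating remote software. I would add a line such as `# Disable it if you prefer not to advertise the software in HTTP responses` so operators see the trade-off where they make the choice. The same block appears in the second configuration file in the next section and should get the same wording.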


@ -286,6 +286,11 @@ security:
frameguard:
enabled: true
# Set x-powered-by HTTP header to "PeerTube"
# Can help remote software to know this is a PeerTube instance
powered_by_header:
enabled: true
tracker:
# If you disable the tracker, you disable the P2P on your PeerTube instance
enabled: true


@ -56,8 +56,13 @@ try {
app.set('trust proxy', CONFIG.TRUST_PROXY)
app.use((_req, res, next) => {
// OpenTelemetry
res.locals.requestStart = Date.now()
if (CONFIG.SECURITY.POWERED_BY_HEADER.ENABLED === true) {
res.setHeader('x-powered-by', 'PeerTube')
}
return next()
})
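Review bot: When `POWERED_BY_HEADER.ENABLED` is false this middleware only skips its own `setHeader`, so an absent header depends on Express's built-in `X-Powered-By: Express` default being turned off somewhere outside this hunk (for example with `app.disable('x-powered-by')`); the test in the last section expects the header to be absent, so presumably it is. A short comment on the branch would make that dependency visible, e.g. `// Express's own x-powered-by must stay disabled, otherwise "disabled" would still expose "Express"`. The existing `// OpenTelemetry` comment also now sits over unrelated header logic, so a separate comment before the `if` would help. The surrounding `try` block starts and ends outside the hunk.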


@ -26,7 +26,7 @@ function checkMissedConfig () {
'user.video_quota', 'user.video_quota_daily',
'video_channels.max_per_user',
'csp.enabled', 'csp.report_only', 'csp.report_uri',
'security.frameguard.enabled',
'security.frameguard.enabled', 'security.powered_by_header.enabled',
'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled',
'signup.enabled', 'signup.limit', 'signup.requires_approval', 'signup.requires_email_verification', 'signup.minimum_age',
'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist',


@ -236,6 +236,9 @@ const CONFIG = {
SECURITY: {
FRAMEGUARD: {
ENABLED: config.get<boolean>('security.frameguard.enabled')
},
POWERED_BY_HEADER: {
ENABLED: config.get<boolean>('security.powered_by_header.enabled')
}
},
TRACKER: {


@ -561,15 +561,13 @@ describe('Test config', function () {
})
it('Should remove the custom configuration', async function () {
this.timeout(10000)
await server.config.deleteCustomConfig()
const data = await server.config.getCustomConfig()
checkInitialConfig(server, data)
})
it('Should enable frameguard', async function () {
it('Should enable/disable security headers', async function () {
this.timeout(25000)
{
@ -580,13 +578,15 @@ describe('Test config', function () {
})
expect(res.headers['x-frame-options']).to.exist
expect(res.headers['x-powered-by']).to.equal('PeerTube')
}
await killallServers([ server ])
const config = {
security: {
frameguard: { enabled: false }
frameguard: { enabled: false },
powered_by_header: { enabled: false }
}
}
await server.run(config)
@ -599,6 +599,7 @@ describe('Test config', function () {
})
expect(res.headers['x-frame-options']).to.not.exist
expect(res.headers['x-powered-by']).to.not.exist
}
})
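Review bot: The renamed test flips `frameguard` and `powered_by_header` together, so it would still pass if one option were accidentally wired to the other's config key. A further step that restarts with only `powered_by_header: { enabled: false }` and asserts `expect(res.headers['x-frame-options']).to.exist` alongside `expect(res.headers['x-powered-by']).to.not.exist` would pin each flag to its own header. The `describe` block starts and ends outside these hunks.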