Yurik has submitted this change and it was merged.
Change subject: Remove CORS & CSP Support
......................................................................
Remove CORS & CSP Support
From my understanding, there is no point to support
CORS and CSP settings in the app that is designed
for admin-only usage.
Change-Id: Id2fefdc1388b577165677cbcee816bfc28ab4664
---
M app.js
1 file changed, 3 insertions(+), 13 deletions(-)
Approvals:
Yurik: Verified; Looks good to me, approved
diff --git a/app.js b/app.js
index 0e5a230..f866804 100644
--- a/app.js
+++ b/app.js
@@ -92,19 +92,9 @@
// set the CORS and CSP headers
app.all('*', function(req, res, next) {
- if(app.conf.cors !== false) {
- res.header('access-control-allow-origin', app.conf.cors);
- res.header('access-control-allow-headers', 'accept,
x-requested-with, content-type');
- res.header('access-control-expose-headers', 'etag');
- }
- if(app.conf.csp !== false) {
- res.header('x-xss-protection', '1; mode=block');
- res.header('x-content-type-options', 'nosniff');
- res.header('x-frame-options', 'SAMEORIGIN');
- res.header('content-security-policy', app.conf.csp);
- res.header('x-content-security-policy', app.conf.csp);
- res.header('x-webkit-csp', app.conf.csp);
- }
+ //
+ // Tilerator is an admin app, there is no point to set app.conf.cors
and app.conf.csp
+ //
sUtil.initAndLogRequest(req, app);
next();
});
--
To view, visit https://gerrit.wikimedia.org/r/269591
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id2fefdc1388b577165677cbcee816bfc28ab4664
Gerrit-PatchSet: 1
Gerrit-Project: maps/tilerator
Gerrit-Branch: master
Gerrit-Owner: Yurik <[email protected]>
Gerrit-Reviewer: CSteipp <[email protected]>
Gerrit-Reviewer: MaxSem <[email protected]>
Gerrit-Reviewer: Yurik <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
