From 95df69b06cafc373f46f7a07028f843c4ee46872 Mon Sep 17 00:00:00 2001 From: Mar0xy Date: Sun, 24 Sep 2023 22:07:41 +0200 Subject: [PATCH] fix: backend issue --- .../api/mastodon/MastodonApiServerService.ts | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts b/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts index 36164e968..d39059721 100644 --- a/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts +++ b/packages/backend/src/server/api/mastodon/MastodonApiServerService.ts @@ -1,6 +1,5 @@ import { Inject, Injectable } from '@nestjs/common'; import megalodon, { Entity, MegalodonInterface } from 'megalodon'; -import multipart from '@fastify/multipart'; import { IsNull } from 'typeorm'; import multer from 'fastify-multer'; import type { UsersRepository } from '@/models/_.js'; @@ -41,15 +40,20 @@ export class MastodonApiServerService { }, }); - fastify.register(multer.contentParser); - - fastify.register(multipart, { - limits: { - fileSize: this.config.maxFileSize ?? 262144000, - files: 1, - }, + fastify.addHook('onRequest', (request, reply, done) => { + reply.header('Content-Security-Policy', `default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; + script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; + connect-src * data: blob: 'unsafe-inline'; + img-src * data: blob: 'unsafe-inline'; + frame-src * data: blob: ; + style-src * data: blob: 'unsafe-inline'; + font-src * data: blob: 'unsafe-inline'; + frame-ancestors * data: blob: 'unsafe-inline';`); + done(); }); + fastify.register(multer.contentParser); + fastify.get('/v1/custom_emojis', async (_request, reply) => { const BASE_URL = `${_request.protocol}://${_request.hostname}`; const accessTokens = _request.headers.authorization;