Merge pull request #4758 from appwrite/add-console-headers
fix: add headers to console
This commit is contained in:
commit
73329ad219
3 changed files with 15 additions and 1 deletions
|
@ -96,6 +96,7 @@
|
|||
## Changes
|
||||
- Released `appwrite/console` [2.0.2](https://github.com/appwrite/console/releases/tag/2.0.2)
|
||||
- Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763)
|
||||
- Add security headers to the console endpoint [#4758](https://github.com/appwrite/appwrite/pull/4758)
|
||||
|
||||
## Bugs
|
||||
- Fix default oauth paths [#4725](https://github.com/appwrite/appwrite/pull/4725)
|
||||
|
|
|
@ -1,8 +1,21 @@
|
|||
<?php
|
||||
|
||||
use Appwrite\Utopia\Request;
|
||||
use Appwrite\Utopia\Response;
|
||||
use Utopia\App;
|
||||
|
||||
App::init()
|
||||
->groups(['web'])
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
->action(function (Request $request, Response $response) {
|
||||
$response
|
||||
->addHeader('X-Frame-Options', 'SAMEORIGIN') // Avoid console and homepage from showing in iframes
|
||||
->addHeader('X-XSS-Protection', '1; mode=block; report=/v1/xss?url=' . \urlencode($request->getURI()))
|
||||
->addHeader('X-UA-Compatible', 'IE=Edge') // Deny IE browsers from going into quirks mode
|
||||
;
|
||||
});
|
||||
|
||||
App::get('/console/*')
|
||||
->alias('/')
|
||||
->alias('auth/*')
|
||||
|
|
|
@ -6,7 +6,7 @@ use Utopia\Config\Config;
|
|||
|
||||
App::get('/versions')
|
||||
->desc('Get Version')
|
||||
->groups(['web', 'home'])
|
||||
->groups(['home'])
|
||||
->label('scope', 'public')
|
||||
->inject('response')
|
||||
->action(function (Response $response) {
|
||||
|
|
Loading…
Reference in a new issue