Skip to content

Commit

Permalink
Merge branch 'develop' into chore/move-portals
Browse files Browse the repository at this point in the history
  • Loading branch information
@dougfabris
dougfabris authored Apr 2, 2024
2 parents 7d92533 + fc97aed commit 32f71d7
Showing 1 changed file with 17 additions and 3 deletions.
20 changes: 17 additions & 3 deletions apps/meteor/app/cors/server/cors.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,28 @@ type NextFunction = (err?: any) => void;

const logger = new Logger('CORS');

let templatePromise: Promise<void> | void;

declare module 'meteor/webapp' {
// eslint-disable-next-line @typescript-eslint/no-namespace
namespace WebApp {
function setInlineScriptsAllowed(allowed: boolean): Promise<void>;
}
}

settings.watch<boolean>(
'Enable_CSP',
Meteor.bindEnvironment((enabled) => {
WebAppInternals.setInlineScriptsAllowed(!enabled);
Meteor.bindEnvironment(async (enabled) => {
templatePromise = WebAppInternals.setInlineScriptsAllowed(!enabled);
}),
);

WebApp.rawConnectHandlers.use((_req: http.IncomingMessage, res: http.ServerResponse, next: NextFunction) => {
WebApp.rawConnectHandlers.use(async (_req: http.IncomingMessage, res: http.ServerResponse, next: NextFunction) => {
if (templatePromise) {
await templatePromise;
templatePromise = void 0;
}

// XSS Protection for old browsers (IE)
res.setHeader('X-XSS-Protection', '1');

Expand Down

0 comments on commit 32f71d7

Please sign in to comment.