api and headers
		@@ -125,7 +125,7 @@ window.onload = function() {
    plugins: [
      SwaggerUIBundle.plugins.DownloadUrl
    ],
    layout: 'StandaloneLayout'
    layout: "StandaloneLayout",
  });
}
`;
										22
								src/index.ts
							@@ -8,7 +8,7 @@ import cors from 'cors';
import api from './api';
import db from './db';
// TODO: working demo branch
// TODO: check header, also in UI
// tell if server is running in debug or production environment
console.info(process.env.NODE_ENV === 'production' ? '===== PRODUCTION =====' : process.env.NODE_ENV === 'test' ? '' :'===== DEVELOPMENT =====');
@@ -25,7 +25,7 @@ app.disable('x-powered-by');
const port = process.env.PORT || 3000;
// security headers
app.use(helmet({
const defaultHeaderConfig = {
  contentSecurityPolicy: {
    directives: {
      defaultSrc: [`'none'`],
@@ -33,23 +33,27 @@ app.use(helmet({
      formAction: [`'none'`],
      frameAncestors: [`'none'`]
    }
  }
}));
  },
  frameguard: {
    action: 'deny'
  },
  permittedCrossDomainPolicies: true,
  refererPolicy: true
};
app.use(helmet(defaultHeaderConfig));
// special CSP header for api-doc
app.use('/api-doc', helmet.contentSecurityPolicy({
  ...defaultHeaderConfig,
  directives: {
    defaultSrc: [`'none'`],
    scriptSrc: [`'self'`],
    connectSrc: [`'self'`],
    styleSrc: [`'self'`, `'unsafe-inline'`],
    imgSrc: [`'self'`, 'data:'],
    baseUri: [`'self'`],
    formAction: [`'none'`],
    frameAncestors: [`'none'`]
    imgSrc: [`'self'`, 'data:']
  }
}));
// special CSP header for the bosch-logo.svg
app.use('/static/img/bosch-logo.svg', helmet.contentSecurityPolicy({
  ...defaultHeaderConfig,
  directives: {
    styleSrc: [`'unsafe-inline'`]
  }
 
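Review bot: In the third hunk of src/index.ts, `refererPolicy: true` inside defaultHeaderConfig misspells Helmet's option key, which is `referrerPolicy`, so the Referrer-Policy header this commit sets out to enable is not configured by that line (older Helmet releases ignore an unknown key silently; newer ones may reject it at startup, which is worth checking against the version in package.json), and the fix is `referrerPolicy: true`. The `...defaultHeaderConfig` spread in the two helmet.contentSecurityPolicy({ ... }) calls copies the top-level keys (contentSecurityPolicy, frameguard, …) into the CSP middleware's options, where they have no meaning, while the explicit `directives` key replaces the base policy anyway; either drop the spread or spread `defaultHeaderConfig.contentSecurityPolicy.directives` into `directives` if inheriting the base directives was the intent. As written, the `/static/img/bosch-logo.svg` override carries only `styleSrc`, so unless Helmet merges its default directives for that version, that response ships with no `default-src` fallback. The defaultHeaderConfig literal opens in the previous hunk, so its other keys are not fully visible here.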
@@ -161,6 +161,26 @@ body:after {
  border-color: var(--red);
}
/*clipboard button*/
.swagger-ui .copy-to-clipboard {
  border-radius: 0;
  top: 19px;
  height: 28px;
}
.swagger-ui .copy-to-clipboard > button {
  position: relative;
  bottom: 3px;
}
.swagger-ui .curl-command .copy-to-clipboard {
  border-radius: 0;
  top: 24px;
}
.swagger-ui .curl-command .copy-to-clipboard > button {
  position: relative;
  bottom: 7px;
  right: 1px;
}
/*download button*/
.swagger-ui .download-contents {
  border-radius: 0;
@@ -216,6 +236,8 @@ body:after {
/*code*/
.swagger-ui .opblock-body pre.microlight {
  border-radius: 0;
  background: #41444e !important;
  padding: 0.5em;
}
.swagger-ui .highlight-code > .microlight {
 