feat: enhance security headers and update content security policy in response and HTML files

This commit is contained in:
shuaiplus
2026-03-01 22:34:13 +08:00
committed by Shuai
parent c0683016c3
commit ace9f4f5ac
5 changed files with 19 additions and 14 deletions
+5
@@ -49,6 +49,11 @@ export function applyCors(
for (const [k, v] of Object.entries(corsHeaders)) { for (const [k, v] of Object.entries(corsHeaders)) {
headers.set(k, v); headers.set(k, v);
} }
// Security headers applied to every response.
headers.set('X-Frame-Options', 'DENY');
headers.set('X-Content-Type-Options', 'nosniff');
headers.set('Referrer-Policy', 'strict-origin-when-cross-origin');
headers.set('Content-Security-Policy', "frame-ancestors 'none'");
return new Response(response.body, { return new Response(response.body, {
status: response.status, status: response.status,
statusText: response.statusText, statusText: response.statusText,
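Review bot: The four `headers.set` calls unconditionally overwrite any X-Frame-Options or Content-Security-Policy a route handler has already attached, so a response that carries a fuller CSP header (rather than relying on the meta tag in the HTML file) would have it silently replaced by `frame-ancestors 'none'`. If that override is intended, state it in the existing comment; otherwise guard the two policy headers, e.g. `if (!headers.has('Content-Security-Policy')) headers.set('Content-Security-Policy', "frame-ancestors 'none'");` and the same for X-Frame-Options. Placing these inside applyCors also hides them from a reader looking for the security-header policy; a dedicated `applySecurityHeaders(headers)` helper called from here would make the intent greppable. `Strict-Transport-Security` is not among the headers set; that may be deliberate if TLS is terminated upstream, but it is worth confirming. applyCors starts and ends outside this hunk.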
+1 -1
@@ -3,7 +3,7 @@
<head> <head>
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://icons.bitwarden.net; connect-src 'self'; font-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self';" /> <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://icons.bitwarden.net; connect-src 'self' https://cloudflareinsights.com; font-src 'self'; form-action 'self'; base-uri 'self';" />
<link rel="icon" type="image/png" href="/favicon.ico" /> <link rel="icon" type="image/png" href="/favicon.ico" />
<link rel="apple-touch-icon" href="/apple-touch-icon.png" /> <link rel="apple-touch-icon" href="/apple-touch-icon.png" />
<title>NodeWarden</title> <title>NodeWarden</title>
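Review bot: The meta CSP now trusts `https://static.cloudflareinsights.com` for script execution by origin, which admits any script served from that host rather than only the analytics beacon, and nothing on the page records why the exception exists. Add an HTML comment above the meta tag, e.g. `<!-- script-src/connect-src exceptions: Cloudflare Web Analytics beacon; frame-ancestors is ignored in a <meta> CSP and is sent as a response header instead -->`, so the widening is neither removed nor extended blindly later. Dropping `frame-ancestors 'none'` here is correct because browsers ignore that directive in a meta-delivered policy, but it only stays enforced as long as the header added in the response code in this commit is applied to the HTML document as well.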
+3 -3
@@ -1,7 +1,7 @@
import { useEffect, useMemo, useState } from 'preact/hooks'; import { useEffect, useMemo, useState } from 'preact/hooks';
import { Link, Route, Switch, useLocation } from 'wouter'; import { Link, Route, Switch, useLocation } from 'wouter';
import { useQuery } from '@tanstack/react-query'; import { useQuery } from '@tanstack/react-query';
import { CircleHelp, Lock, LogOut, Send as SendIcon, Settings as SettingsIcon, Shield, ShieldUser, Vault } from 'lucide-preact'; import { HardDriveDownload, Lock, LogOut, Send as SendIcon, Settings as SettingsIcon, Shield, ShieldUser, Vault } from 'lucide-preact';
import AuthViews from '@/components/AuthViews'; import AuthViews from '@/components/AuthViews';
import ConfirmDialog from '@/components/ConfirmDialog'; import ConfirmDialog from '@/components/ConfirmDialog';
import ToastHost from '@/components/ToastHost'; import ToastHost from '@/components/ToastHost';
@@ -978,8 +978,8 @@ export default function App() {
<span>{t('nav_device_management')}</span> <span>{t('nav_device_management')}</span>
</Link> </Link>
<Link href="/help" className={`side-link ${location === '/help' ? 'active' : ''}`}> <Link href="/help" className={`side-link ${location === '/help' ? 'active' : ''}`}>
<CircleHelp size={16} /> <HardDriveDownload size={16} />
<span>{t('nav_support_center')}</span> <span>{t('nav_backup_strategy')}</span>
</Link> </Link>
</aside> </aside>
<main className="content"> <main className="content">
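Review bot: The sidebar link now reads `nav_backup_strategy` with a HardDriveDownload icon but still points at `href="/help"`, and the component rendering it is still `HelpPage` (next file section), so the route, file and component names no longer describe what the user sees. Either rename the route and component (e.g. `/backup` and `BackupStrategyPage`) in the same change, or add a comment at the link, `{/* /help route currently hosts the Backup Strategy placeholder */}`, so the mismatch reads as deliberate rather than a leftover. The App component starts and ends outside this hunk.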
+4 -4
@@ -1,15 +1,15 @@
import { Construction } from 'lucide-preact'; import { HardDriveDownload } from 'lucide-preact';
import { t } from '@/lib/i18n'; import { t } from '@/lib/i18n';
export default function HelpPage() { export default function HelpPage() {
return ( return (
<div className="stack"> <div className="stack">
<section className="card"> <section className="card">
<h3>{t('support_title')}</h3> <h3>{t('backup_strategy_title')}</h3>
<div className="empty" style={{ minHeight: 180 }}> <div className="empty" style={{ minHeight: 180 }}>
<div style={{ textAlign: 'center' }}> <div style={{ textAlign: 'center' }}>
<Construction size={34} style={{ color: '#64748b', marginBottom: 8 }} /> <HardDriveDownload size={34} style={{ color: '#64748b', marginBottom: 8 }} />
<div>{t('support_under_construction')}</div> <div>{t('backup_strategy_under_construction')}</div>
</div> </div>
</div> </div>
</section> </section>
+6 -6
@@ -9,9 +9,9 @@ const messages: Record<Locale, Record<string, string>> = {
nav_device_management: "Device Management", nav_device_management: "Device Management",
nav_my_vault: "My Vault", nav_my_vault: "My Vault",
nav_sends: "Sends", nav_sends: "Sends",
nav_support_center: "Support Center", nav_backup_strategy: "Backup Strategy",
support_title: "Support Center", backup_strategy_title: "Backup Strategy",
support_under_construction: "Under construction.", backup_strategy_under_construction: "Under construction.",
txt_access_count: "Access Count", txt_access_count: "Access Count",
txt_accessed_count_times: "Accessed {count} times", txt_accessed_count_times: "Accessed {count} times",
txt_actions: "Actions", txt_actions: "Actions",
@@ -367,9 +367,9 @@ const zhCNOverrides: Record<string, string> = {
nav_admin_panel: '管理面板', nav_admin_panel: '管理面板',
nav_account_settings: '账户设置', nav_account_settings: '账户设置',
nav_device_management: '设备管理', nav_device_management: '设备管理',
nav_support_center: '支持中心', nav_backup_strategy: '备份策略',
support_title: '支持中心', backup_strategy_title: '备份策略',
support_under_construction: '正在搭建中', backup_strategy_under_construction: '正在搭建中',
txt_sign_out: '退出登录', txt_sign_out: '退出登录',
txt_log_in: '登录', txt_log_in: '登录',
txt_log_out: '退出', txt_log_out: '退出',