Made HTTPS strict configurable.

Ylian Saint-Hilaire 2019-02-14 15:53:22 -08:00
parent 8b3de82e6a
commit 6dd4ff69e9
3 changed files with 6 additions and 4 deletions


@ -385,7 +385,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
obj.db.Set(obj.common.escapeLinksFieldName(mesh));
obj.parent.meshes[obj.dbMeshKey] = mesh;
if (adminUser.links == null) user.links = {};
if (adminUser.links == null) adminUser.links = {};
adminUser.links[obj.dbMeshKey] = { rights: 0xFFFFFFFF };
obj.db.SetUser(adminUser);
obj.parent.parent.DispatchEvent(['*', obj.dbMeshKey, adminUser._id], obj, { etype: 'mesh', username: adminUser.name, meshid: obj.dbMeshKey, name: meshname, mtype: 2, desc: '', action: 'createmesh', links: links, msg: 'Mesh created: ' + obj.meshid, domain: domain.id });
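Review bot: `adminUser.links[obj.dbMeshKey] = { rights: 0xFFFFFFFF };` sets every bit of the rights mask for `adminUser` on a mesh that is created inside the agent connection handler, and nothing on these lines says that this is intended. A comment above it such as `// Give the admin user full rights (all bits set) on the newly created mesh` would make the grant explicit for the next reader. The conditions that lead to this branch sit outside the hunk, so it is worth confirming there that only an agent that has already been authenticated can trigger the mesh creation and the grant. The `links` value passed to `DispatchEvent` is also defined outside the hunk and could not be checked from here.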


@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.2.8-g",
"version": "0.2.8-i",
"keywords": [
"Remote Management",
"Intel AMT",


@ -2211,8 +2211,10 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
// Default headers if TLS is used
//headers = { 'Referrer-Policy': 'no-referrer', 'x-frame-options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "default-src https: wss: data: 'self';script-src https: 'unsafe-inline';style-src https: 'unsafe-inline'" };
// Set Strict-Transport-Security if we are using a trusted certificate or TLS offload.
headers = { 'Strict-Transport-Security': 'max-age=31536000;includeSubDomains' };
if (typeof obj.args.httpsstrict == 'number') {
// Set Strict-Transport-Security if we are using a trusted certificate or TLS offload.
headers = { 'Strict-Transport-Security': 'max-age=' + obj.args.httpsstrict + ';includeSubDomains' };
}
}
if (parent.config.settings.accesscontrolalloworigin != null) { headers['Access-Control-Allow-Origin'] = parent.config.settings.accesscontrolalloworigin; }
res.set(headers);
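Review bot: With the new `typeof obj.args.httpsstrict == 'number'` guard, a deployment that does not set `httpsstrict` no longer sends `Strict-Transport-Security` at all, where the previous code always sent one year; if that change of default is intended it should be stated in the commit message and documentation, otherwise keep 31536000 as the fallback. In the same case `headers` is not assigned in this branch, so unless it is initialised to an object outside the hunk, the `headers['Access-Control-Allow-Origin'] = ...` line below will throw when `accesscontrolalloworigin` is configured; a `headers = {};` before the check would cover it. The type test also lets negative, fractional, `NaN` and `Infinity` values through into the header, so a tighter guard such as `if (Number.isInteger(obj.args.httpsstrict) && obj.args.httpsstrict >= 0) {` would keep the `max-age` value well-formed. The enclosing function starts and ends outside the hunk.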