hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

closes #5574

Browse Source
v1.18.x
psychobunny 8 years ago
parent 43f8678c7a
commit 5985a8a7a3
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File

2
public/language/en-GB/admin/settings/advanced.json
Unescape Escape View File

@ -6,7 +6,7 @@
"headers.allow-from": "Set ALLOW-FROM to Place NodeBB in an iFrame",
"headers.powered-by": "Customise the \"Powered By\" header sent by NodeBB",
"headers.acao": "Access-Control-Allow-Origin",
"headers.acao-help": "To deny access to all sites, leave empty or set to <code>null</code>",
"headers.acao-help": "To deny access to all sites, leave empty",
"headers.acam": "Access-Control-Allow-Methods",
"headers.acah": "Access-Control-Allow-Headers",
"traffic-management": "Traffic Management",

5
src/middleware/headers.js
Unescape Escape View File

@ -7,11 +7,14 @@ module.exports = function (middleware) {
var headers = {
'X-Powered-By': encodeURI(meta.config['powered-by'] || 'NodeBB'),
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
'Access-Control-Allow-Origin': encodeURI(meta.config['access-control-allow-origin'] || 'null'),
'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''),
'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''),
};
if (meta.config['access-control-allow-origin']) {
headers['Access-Control-Allow-Origin'] = encodeURI(meta.config['access-control-allow-origin']);
}
for (var key in headers) {
if (headers.hasOwnProperty(key) && headers[key]) {
res.setHeader(key, headers[key]);

2
src/views/admin/settings/advanced.tpl
Unescape Escape View File

@ -35,7 +35,7 @@
</div>
<div class="form-group">
<label for="access-control-allow-origin">[[admin/settings/advanced:headers.acao]]</label>
<input class="form-control" id="access-control-allow-origin" type="text" placeholder="null" value="null" data-field="access-control-allow-origin" /><br />
<input class="form-control" id="access-control-allow-origin" type="text" placeholder="" value="" data-field="access-control-allow-origin" /><br />
<p class="help-block">
[[admin/settings/advanced:headers.acao-help]]
</p>

Write Preview
Loading…
Cancel
Save