From 6beacdb80c697743e77d1440cc767d6cbe2f90d2 Mon Sep 17 00:00:00 2001 From: barisusakli Date: Wed, 23 Nov 2016 21:06:02 +0300 Subject: [PATCH] fix headers for new installs encodeURI(undefined) === "undefined" --- src/middleware/headers.js | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) diff --git a/src/middleware/headers.js b/src/middleware/headers.js index 366e4cdae8..66f0603b0d 100644 --- a/src/middleware/headers.js +++ b/src/middleware/headers.js @@ -1,31 +1,20 @@ 'use strict'; - -var _ = require('underscore'); - var meta = require('../meta'); module.exports = function (middleware) { middleware.addHeaders = function (req, res, next) { - var defaults = { - 'X-Powered-By': 'NodeBB', - 'X-Frame-Options': 'SAMEORIGIN', - 'Access-Control-Allow-Origin': 'null' // yes, string null. - }; var headers = { - 'X-Powered-By': encodeURI(meta.config['powered-by']), - 'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : undefined, - 'Access-Control-Allow-Origin': encodeURI(meta.config['access-control-allow-origin']), - 'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods']), - 'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers']) + 'X-Powered-By': encodeURI(meta.config['powered-by'] || 'NodeBB'), + 'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN', + 'Access-Control-Allow-Origin': encodeURI(meta.config['access-control-allow-origin'] || 'null'), + 'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''), + 'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || '') }; - _.defaults(headers, defaults); - headers = _.pick(headers, Boolean); // Remove falsy headers - for (var key in headers) { - if (headers.hasOwnProperty(key)) { + if (headers.hasOwnProperty(key) && headers[key]) { res.setHeader(key, headers[key]); } }