Use x-forwarded-host first to fill connect-src

Ylian Saint-Hilaire 2020-11-28 18:55:58 -08:00
parent 5bd361f4eb
commit 4f4d20649a


@ -4888,7 +4888,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
} else {
// Use default security headers
var geourl = (domain.geolocation ? ' *.openstreetmap.org' : '');
var selfurl = (' wss://' + req.headers.host);
var selfurl = req.headers['x-forwarded-host'] ? (' wss://' + req.headers['x-forwarded-host']) : (' wss://' + req.headers.host);
var headers = {
'Referrer-Policy': 'no-referrer',
'X-XSS-Protection': '1; mode=block',
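Review bot: The new `selfurl` line copies `x-forwarded-host` into the `connect-src` value without checking it, and that header is whatever the client sent unless a fronting proxy overwrites it. A value holding a space, `;` or `,` (several chained proxies produce a comma-separated list) would add sources or directives to the policy or split it, and any cache between the server and the browser could serve that response to other users. I would take the first list element and accept it only when it looks like host[:port], falling back to `req.headers.host`: `var fwdhost = String(req.headers['x-forwarded-host'] || '').split(',')[0].trim();` followed by `var selfurl = ' wss://' + (/^[A-Za-z0-9.-]+(:\d+)?$/.test(fwdhost) ? fwdhost : req.headers.host);`. Ideally the header is honoured only when the deployment is configured to sit behind a trusted proxy; the enclosing handler starts and ends outside this hunk, so I cannot see whether such a check already exists.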