mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-26 07:05:52 -05:00
Use x-forwarded-host first to fill connect-src
This commit is contained in:
parent
5bd361f4eb
commit
4f4d20649a
@ -4888,7 +4888,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
|
||||
} else {
|
||||
// Use default security headers
|
||||
var geourl = (domain.geolocation ? ' *.openstreetmap.org' : '');
|
||||
var selfurl = (' wss://' + req.headers.host);
|
||||
var selfurl = req.headers['x-forwarded-host'] ? (' wss://' + req.headers['x-forwarded-host']) : (' wss://' + req.headers.host);
|
||||
var headers = {
|
||||
'Referrer-Policy': 'no-referrer',
|
||||
'X-XSS-Protection': '1; mode=block',
|
||||
|
Loading…
Reference in New Issue
Block a user