
Commit 2590348

Add robots.txt, security.txt, and add more security headers
1 parent 07646ac commit 2590348


7 files changed

+30
-5
lines changed


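--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -52,8 +52,7 @@ echo 'Combining output...';
 rm -rf "$BUILDDIR" || true;
 cp -R "$BASEDIR/src/backend/build" "$BUILDDIR";
 rm -rf "$BUILDDIR/static" || true;
-mkdir -p "$BUILDDIR/static";
-cp -R "$BASEDIR/src/frontend/build/"* "$BUILDDIR/static";
+cp -R "$BASEDIR/src/frontend/build" "$BUILDDIR/static";
 chmod +x "$BUILDDIR/index.js";
 
 echo 'Compressing static resources...';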
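Review bot: The new single `cp -R "$BASEDIR/src/frontend/build" "$BUILDDIR/static"` now depends on `$BUILDDIR/static` not existing: if the preceding `rm -rf "$BUILDDIR/static" || true` fails and the directory survives, cp places the tree at `$BUILDDIR/static/build` rather than `$BUILDDIR/static`, whereas the removed two lines copied the contents into place regardless. The `|| true` predates this change and `$BUILDDIR` itself was just removed on the line above, so in practice the directory should be gone, but the suffix now masks exactly the failure that silently changes the output layout. Dropping it, `rm -rf "$BUILDDIR/static";`, lets the script stop there instead (assuming it runs under `set -e`, which is outside the hunk); alternatively guard the copy with `[ ! -e "$BUILDDIR/static" ] || exit 1;`.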

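--- a/src/backend/src/app.ts
+++ b/src/backend/src/app.ts
@@ -51,6 +51,20 @@ const CSP = [
 "frame-ancestors 'none'",
 ].join('; ');
 
+const PERMISSIONS_POLICY = [
+'accelerometer=()',
+'autoplay=()',
+'camera=()',
+'geolocation=()',
+'gyroscope=()',
+'interest-cohort=()',
+'magnetometer=()',
+'microphone=()',
+'payment=()',
+'sync-xhr=()',
+'usb=()',
+].join(', ');
+
 function getHost(req: { hostname: string }): string {
 const raw: string = req.hostname;
 if (raw.includes(':')) {
@@ -109,8 +123,10 @@ export default async (config: ConfigT): Promise<App> => {
 res.header('x-content-type-options', 'nosniff');
 res.header('content-security-policy', CSP
 .replace(CSP_DOMAIN_PLACEHOLDER, getHost(req)));
+res.header('permissions-policy', PERMISSIONS_POLICY);
 res.header('referrer-policy', 'no-referrer');
 res.header('cross-origin-opener-policy', 'same-origin');
+res.header('cross-origin-resource-policy', 'same-origin');
 res.header('cross-origin-embedder-policy', 'require-corp');
 next();
 });
@@ -120,6 +136,8 @@ export default async (config: ConfigT): Promise<App> => {
 res.header('expires', '0');
 res.header('pragma', 'no-cache');
 res.removeHeader('content-security-policy');
+res.removeHeader('permissions-policy');
+res.removeHeader('referrer-policy');
 res.removeHeader('cross-origin-opener-policy');
 res.removeHeader('cross-origin-embedder-policy');
 next();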
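Review bot: The third hunk (the middleware at new lines 136-143 that strips headers) removes `permissions-policy`, `referrer-policy`, `cross-origin-opener-policy` and `cross-origin-embedder-policy`, but not the `cross-origin-resource-policy: same-origin` header the second hunk now sets on every response. If that route is meant to be exempt from the isolation headers (its purpose and the enclosing `app.use` are outside the hunk), its responses will still be refused for cross-origin `no-cors` loads; either add `res.removeHeader('cross-origin-resource-policy');` next to the others or add a comment stating that CORP is intentionally kept there. Separately, removing `referrer-policy` on that route drops it to the browser default, which is looser than the global `no-referrer`; a one-line comment above the two new `removeHeader` calls explaining why that path needs referrers would stop the next reader from treating it as an oversight.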

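--- a/src/frontend/.neutrinorc.js
+++ b/src/frontend/.neutrinorc.js
@@ -52,9 +52,9 @@ module.exports = {
 })),
 copy({
 patterns: [{
-context: 'resources/assets',
-from: '**/*',
-to: 'assets',
+context: 'resources/static',
+from: '{.*/**/*,*}',
+to: '.',
 }],
 }),
 jest({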
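Review bot: The new `from: '{.*/**/*,*}'` glob matches top-level entries of `resources/static` and everything under dot-directories (e.g. a `.well-known/` tree), but not files inside ordinary subdirectories, so anything that previously came from `resources/assets/**/*` and now lives in a non-dot subdirectory of `resources/static` would be skipped; I cannot see the directory layout from the hunk, so this may be fine today and break on the next added folder. If the intent is simply "copy the whole tree including dotfiles", `from: '**/*'` plus the copy plugin's dot-matching glob option expresses that directly. Otherwise a short comment above `patterns` naming what each half of the brace pattern is for (`// .well-known/* via the dot branch, root files via *`) would keep someone from "simplifying" it later.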

src/frontend/package-lock.json

+1
@@ -0,0 +1,4 @@
1+
Contact: https://github.com/davidje13/Refacto/issues
2+
Preferred-Languages: en
3+
Expires: 3000-01-01T00:00:00Z
4+
Policy: https://github.com/davidje13/Refacto/security/policy
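Review bot: `Expires: 3000-01-01T00:00:00Z` makes the file effectively never expire; RFC 9116 recommends the Expires value be less than a year in the future so that stale contact and policy details are not trusted indefinitely, and validators will flag this date. A date within the next twelve months, bumped as part of the release checklist, is the expected form. The file's path is not shown on this page, so I cannot confirm it is served at `/.well-known/security.txt`, which is where clients look for it.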
+3
@@ -0,0 +1,3 @@
1+
User-agent: *
2+
Disallow: /retros/
3+
Disallow: /api/
