homelab/docuseal
1
0
Fork 0
mirror of https://github.com/docusealco/docuseal.git synced 2026-06-23 04:10:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

add security headers

Browse Source
This commit is contained in:
Pete Matsyburka
2026-05-18 16:11:16 +03:00
parent 7fe56941fd
commit 6806772346
4 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/controllers/api/active_storage_blobs_proxy_controller.rb
+1
View File
@@ -9,6 +9,7 @@ module Api
before_action :set_cors_headers
before_action :set_noindex_headers
before_action :set_security_headers
def show
blob_uuid, purp, exp = ApplicationRecord.signed_id_verifier.verified(params[:signed_uuid])
app/controllers/api/active_storage_blobs_proxy_legacy_controller.rb
+1
View File
@@ -9,6 +9,7 @@ module Api
before_action :set_cors_headers
before_action :set_noindex_headers
before_action :set_security_headers
# rubocop:disable Metrics
def show
app/controllers/api/api_base_controller.rb
+4
View File
@@ -102,6 +102,10 @@ module Api
headers['X-Robots-Tag'] = 'noindex'
end
def set_security_headers
response.headers['X-Content-Type-Options'] = 'nosniff'
end
def set_cors_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, GET, PUT, PATCH, DELETE, OPTIONS'
config/application.rb
+8
View File
@@ -25,6 +25,14 @@ module DocuSeal
config.active_storage.draw_routes = ENV['MULTITENANT'] != 'true'
config.active_storage.content_types_to_serve_as_binary += %w[
application/javascript
text/javascript
application/ecmascript
text/ecmascript
application/wasm
]
config.i18n.available_locales = %i[en en-US en-GB es-ES fr-FR pt-PT de-DE it-IT nl-NL
es it de fr nl pl uk cs pt he ar ko ja]
config.i18n.fallbacks = [:en]