diff --git a/config/default.yaml b/config/default.yaml index d2bfae2aa..7ce345e2d 100644 --- a/config/default.yaml +++ b/config/default.yaml @@ -288,6 +288,11 @@ security: frameguard: enabled: true + # Set x-powered-by HTTP header to "PeerTube" + # Can help remote software to know this is a PeerTube instance + powered_by_header: + enabled: true + tracker: # If you disable the tracker, you disable the P2P on your PeerTube instance enabled: true diff --git a/config/production.yaml.example b/config/production.yaml.example index 0c942c5ec..877d77e01 100644 --- a/config/production.yaml.example +++ b/config/production.yaml.example @@ -286,6 +286,11 @@ security: frameguard: enabled: true + # Set x-powered-by HTTP header to "PeerTube" + # Can help remote software to know this is a PeerTube instance + powered_by_header: + enabled: true + tracker: # If you disable the tracker, you disable the P2P on your PeerTube instance enabled: true diff --git a/server.ts b/server.ts index d1ac2d092..7bab18b0c 100644 --- a/server.ts +++ b/server.ts @@ -56,8 +56,13 @@ try { app.set('trust proxy', CONFIG.TRUST_PROXY) app.use((_req, res, next) => { + // OpenTelemetry res.locals.requestStart = Date.now() + if (CONFIG.SECURITY.POWERED_BY_HEADER.ENABLED === true) { + res.setHeader('x-powered-by', 'PeerTube') + } + return next() }) diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts index 8b4d49180..74fed251c 100644 --- a/server/initializers/checker-before-init.ts +++ b/server/initializers/checker-before-init.ts @@ -26,7 +26,7 @@ function checkMissedConfig () { 'user.video_quota', 'user.video_quota_daily', 'video_channels.max_per_user', 'csp.enabled', 'csp.report_only', 'csp.report_uri', - 'security.frameguard.enabled', + 'security.frameguard.enabled', 'security.powered_by_header.enabled', 'cache.previews.size', 'cache.captions.size', 'cache.torrents.size', 'admin.email', 'contact_form.enabled', 'signup.enabled', 'signup.limit', 'signup.requires_approval', 'signup.requires_email_verification', 'signup.minimum_age', 'signup.filters.cidr.whitelist', 'signup.filters.cidr.blacklist', diff --git a/server/initializers/config.ts b/server/initializers/config.ts index 9685e7bfc..7ad258f7a 100644 --- a/server/initializers/config.ts +++ b/server/initializers/config.ts @@ -236,6 +236,9 @@ const CONFIG = { SECURITY: { FRAMEGUARD: { ENABLED: config.get('security.frameguard.enabled') + }, + POWERED_BY_HEADER: { + ENABLED: config.get('security.powered_by_header.enabled') } }, TRACKER: { diff --git a/server/tests/api/server/config.ts b/server/tests/api/server/config.ts index b91519660..de7c2f6e2 100644 --- a/server/tests/api/server/config.ts +++ b/server/tests/api/server/config.ts @@ -561,15 +561,13 @@ describe('Test config', function () { }) it('Should remove the custom configuration', async function () { - this.timeout(10000) - await server.config.deleteCustomConfig() const data = await server.config.getCustomConfig() checkInitialConfig(server, data) }) - it('Should enable frameguard', async function () { + it('Should enable/disable security headers', async function () { this.timeout(25000) { @@ -580,13 +578,15 @@ describe('Test config', function () { }) expect(res.headers['x-frame-options']).to.exist + expect(res.headers['x-powered-by']).to.equal('PeerTube') } await killallServers([ server ]) const config = { security: { - frameguard: { enabled: false } + frameguard: { enabled: false }, + powered_by_header: { enabled: false } } } await server.run(config) @@ -599,6 +599,7 @@ describe('Test config', function () { }) expect(res.headers['x-frame-options']).to.not.exist + expect(res.headers['x-powered-by']).to.not.exist } })