Move letter-avatars into own request

To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.

This implementation probably needs some beautification, but it already fixes
the bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Sheogorath 2018-04-12 13:14:42 +02:00
parent f23f403bcb
commit 69aed93282
No known key found for this signature in database
GPG key ID: 1F05CC3635CDDFFD
3 changed files with 23 additions and 11 deletions


@ -5,6 +5,7 @@ const Router = require('express').Router
const response = require('../response')
const models = require('../models')
const logger = require('../logger')
const {generateAvatar} = require('../letter-avatars')
const UserRouter = module.exports = Router()
@ -34,3 +35,9 @@ UserRouter.get('/me', function (req, res) {
})
}
})
UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
res.setHeader('Content-Type', 'image/svg+xml')
res.setHeader('Cache-Control', 'public, max-age=86400')
res.send(generateAvatar(req.params.username))
})
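Review bot: The new `/user/:username/avatar.svg` handler passes `req.params.username` straight into `generateAvatar` and serves the result as `image/svg+xml` from the application's own origin, so the safety of the response rests entirely on how `generateAvatar` (defined outside this section) encodes that value into the markup. An SVG that is opened directly is an active document rather than a passive image, so I would confirm that the generator XML-escapes everything derived from the name. I would also lock the response down in the handler itself with `res.setHeader('Content-Security-Policy', "default-src 'none'; style-src 'unsafe-inline'")` and `res.setHeader('X-Content-Type-Options', 'nosniff')`. The `next` parameter is never used here and can be dropped from the signature.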