salvacybersec/balikci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ulaan

Browse Source
This commit is contained in:
salvacybersec
2025-11-11 07:46:58 +03:00
parent 36b62be2e1
commit 9f53a34cfb
2 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
backend/src/app.js
View File

@@ -1,7 +1,7 @@
require('dotenv').config({ path: require('path').join(__dirname, '../.env') });
const express = require('express');
const session = require('express-session');
const helmet = require('helmet');
// const helmet = require('helmet'); // Geçici olarak devre dışı
const cors = require('cors');
const logger = require('./config/logger');
const sessionConfig = require('./config/session');
@@ -12,12 +12,8 @@ const { apiLimiter } = require('./middlewares/rateLimiter');
const app = express();
const PORT = process.env.PORT || 3000;
// Security middleware - CSP'yi devre dışı bırak (CORS ve mixed content sorunları için)
app.use(helmet({
contentSecurityPolicy: false, // CSP'yi tamamen kapat
crossOriginEmbedderPolicy: false,
crossOriginResourcePolicy: { policy: "cross-origin" },
}));
// Security middleware - Helmet'i tamamen kaldır (CORS ve mixed content sorunları için)
// app.use(helmet()); // Geçici olarak devre dışı
// CORS - Her yerden erişime izin ver (tüm route'larda)
app.use((req, res, next) => {
@@ -49,11 +45,19 @@ app.use(express.urlencoded({ extended: true }));
// Serve static files (landing page and frontend build)
const path = require('path');
app.use(express.static(path.join(__dirname, 'public'), {
setHeaders: (res, path) => {
// CORS headers for static files
setHeaders: (res, filePath) => {
// CORS headers for ALL static files (CSS, JS, images, etc.)
res.set('Access-Control-Allow-Origin', '*');
res.set('Access-Control-Allow-Methods', 'GET, OPTIONS');
res.set('Access-Control-Allow-Headers', 'Content-Type');
res.set('Access-Control-Allow-Headers', 'Content-Type, Accept, Origin');
res.set('Access-Control-Allow-Credentials', 'true');
// Content-Type header'larını doğru ayarla
if (filePath.endsWith('.js')) {
res.set('Content-Type', 'application/javascript; charset=utf-8');
} else if (filePath.endsWith('.css')) {
res.set('Content-Type', 'text/css; charset=utf-8');
}
}
}));