salvacybersec/balikci
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ulaan

Browse Source
This commit is contained in:
salvacybersec
2025-11-11 07:46:58 +03:00
parent 36b62be2e1
commit 9f53a34cfb
2 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
backend/src/app.js
View File

@@ -1,7 +1,7 @@
require('dotenv').config({ path: require('path').join(__dirname, '../.env') }); require('dotenv').config({ path: require('path').join(__dirname, '../.env') });
const express = require('express'); const express = require('express');
const session = require('express-session'); const session = require('express-session');
const helmet = require('helmet'); // const helmet = require('helmet'); // Geçici olarak devre dışı
const cors = require('cors'); const cors = require('cors');
const logger = require('./config/logger'); const logger = require('./config/logger');
const sessionConfig = require('./config/session'); const sessionConfig = require('./config/session');
@@ -12,12 +12,8 @@ const { apiLimiter } = require('./middlewares/rateLimiter');
const app = express(); const app = express();
const PORT = process.env.PORT || 3000; const PORT = process.env.PORT || 3000;
// Security middleware - CSP'yi devre dışı bırak (CORS ve mixed content sorunları için) // Security middleware - Helmet'i tamamen kaldır (CORS ve mixed content sorunları için)
app.use(helmet({ // app.use(helmet()); // Geçici olarak devre dışı
contentSecurityPolicy: false, // CSP'yi tamamen kapat
crossOriginEmbedderPolicy: false,
crossOriginResourcePolicy: { policy: "cross-origin" },
}));
// CORS - Her yerden erişime izin ver (tüm route'larda) // CORS - Her yerden erişime izin ver (tüm route'larda)
app.use((req, res, next) => { app.use((req, res, next) => {
@@ -49,11 +45,19 @@ app.use(express.urlencoded({ extended: true }));
// Serve static files (landing page and frontend build) // Serve static files (landing page and frontend build)
const path = require('path'); const path = require('path');
app.use(express.static(path.join(__dirname, 'public'), { app.use(express.static(path.join(__dirname, 'public'), {
setHeaders: (res, path) => { setHeaders: (res, filePath) => {
// CORS headers for static files // CORS headers for ALL static files (CSS, JS, images, etc.)
res.set('Access-Control-Allow-Origin', '*'); res.set('Access-Control-Allow-Origin', '*');
res.set('Access-Control-Allow-Methods', 'GET, OPTIONS'); res.set('Access-Control-Allow-Methods', 'GET, OPTIONS');
res.set('Access-Control-Allow-Headers', 'Content-Type'); res.set('Access-Control-Allow-Headers', 'Content-Type, Accept, Origin');
res.set('Access-Control-Allow-Credentials', 'true');
// Content-Type header'larını doğru ayarla
if (filePath.endsWith('.js')) {
res.set('Content-Type', 'application/javascript; charset=utf-8');
} else if (filePath.endsWith('.css')) {
res.set('Content-Type', 'text/css; charset=utf-8');
}
} }
})); }));

15
frontend/vite.config.js
View File

@@ -4,6 +4,17 @@ import react from '@vitejs/plugin-react'
// https://vite.dev/config/ // https://vite.dev/config/
export default defineConfig({ export default defineConfig({
plugins: [react()], plugins: [react()],
// Build output will be copied to backend in Dockerfile base: '/', // Base path - root'tan servis edilecek
// For local development, keep default dist/ directory build: {
assetsDir: 'assets',
// Relative path'ler kullan (absolute değil)
rollupOptions: {
output: {
// Asset dosyaları için relative path
assetFileNames: 'assets/[name]-[hash][extname]',
chunkFileNames: 'assets/[name]-[hash].js',
entryFileNames: 'assets/[name]-[hash].js',
},
},
},
}) })