paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-23 16:14:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

webpack: Disable cross-origin-header-check middleware.

Browse Source 
This middleware in webpack-dev-server 5.2.1 appears to be intended to
plug some undisclosed browser-specific vulnerability that allows
stealing code from closed-source projects.

https://github.com/webpack/webpack-dev-server/issues/5446#issuecomment-2768816082
https://github.com/webpack/webpack-dev-server/issues/5446#issuecomment-2772150109

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg
2025-04-15 15:37:14 -07:00
committed by Anders Kaseorg
parent 0f2f795fe0
commit c40bd39a01
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web/webpack.config.ts
View File

@@ -255,6 +255,8 @@ const config = (
"Access-Control-Allow-Origin": "*", "Access-Control-Allow-Origin": "*",
"Timing-Allow-Origin": "*", "Timing-Allow-Origin": "*",
}, },
setupMiddlewares: (middlewares) =>
middlewares.filter((middleware) => middleware.name !== "cross-origin-header-check"),
}, },
infrastructureLogging: { infrastructureLogging: {
level: "warn", level: "warn",