diff options
| author | Sheogorath | 2018-04-12 13:14:42 +0200 |
|---|---|---|
| committer | Sheogorath | 2018-04-17 19:06:59 +0200 |
| commit | 69aed932820ab6175b3cdc778b152703bab81961 (patch) | |
| tree | 022899fb8c188e172c6424e012dcf37136e4c066 /lib/web | |
| parent | f23f403bcb990a03fe27d5d4dda491c5de89c464 (diff) | |
Move letter-avatars into own request
To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.
This implementation probably needs some beautification. But already fixes
the bug.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
| -rw-r--r-- | lib/web/userRouter.js | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js index ecfbaf8b..963961c7 100644 --- a/lib/web/userRouter.js +++ b/lib/web/userRouter.js @@ -5,6 +5,7 @@ const Router = require('express').Router const response = require('../response') const models = require('../models') const logger = require('../logger') +const {generateAvatar} = require('../letter-avatars') const UserRouter = module.exports = Router() @@ -34,3 +35,9 @@ UserRouter.get('/me', function (req, res) { }) } }) + +UserRouter.get('/user/:username/avatar.svg', function (req, res, next) { + res.setHeader('Content-Type', 'image/svg+xml') + res.setHeader('Cache-Control', 'public, max-age=86400') + res.send(generateAvatar(req.params.username)) +}) |