From 69aed932820ab6175b3cdc778b152703bab81961 Mon Sep 17 00:00:00 2001
From: Sheogorath
Date: Thu, 12 Apr 2018 13:14:42 +0200
Subject: Move letter-avatars into own request

To prevent further weakening of our CSP policies, moving the Avatars
into a non-inline version is the way to go.

This implementation probably needs some beautification. But already fixes
the bug.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
---
 lib/web/userRouter.js | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'lib/web')

diff --git a/lib/web/userRouter.js b/lib/web/userRouter.js
index ecfbaf8b..963961c7 100644
--- a/lib/web/userRouter.js
+++ b/lib/web/userRouter.js
@@ -5,6 +5,7 @@ const Router = require('express').Router
 const response = require('../response')
 const models = require('../models')
 const logger = require('../logger')
+const {generateAvatar} = require('../letter-avatars')
 
 const UserRouter = module.exports = Router()
 
@@ -34,3 +35,9 @@ UserRouter.get('/me', function (req, res) {
     })
   }
 })
+
+UserRouter.get('/user/:username/avatar.svg', function (req, res, next) {
+  res.setHeader('Content-Type', 'image/svg+xml')
+  res.setHeader('Cache-Control', 'public, max-age=86400')
+  res.send(generateAvatar(req.params.username))
+})
-- 
cgit v1.2.3