forked from harvestfi/harvest-front-v3
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathserver.js
More file actions
59 lines (52 loc) · 1.69 KB
/
server.js
File metadata and controls
59 lines (52 loc) · 1.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
import express from 'express'
import helmet from 'helmet'
import path from 'path'
import { fileURLToPath } from 'url'
// __dirname replacement in ESM
const filename = fileURLToPath(import.meta.url)
const dirname = path.dirname(filename)
const builtDirectory = path.join(dirname, 'build')
const PORT = process.env.PORT || '3000'
const app = express()
app.disable('x-powered-by')
app.use(
helmet({
crossOriginEmbedderPolicy: false,
crossOriginResourcePolicy: false,
crossOriginOpenerPolicy: { policy: 'same-origin-allow-popups' },
contentSecurityPolicy: {
directives: {
frameAncestors: ['https://dapp-browser.apps.ledger.com/', 'https://app.safe.global/'],
scriptSrc: [
"'self'",
"'unsafe-inline'",
'https://static.cloudflareinsights.com',
'https://cdn.jsdelivr.net/npm/@ledgerhq/connect-kit@1',
'https://cdn.usefathom.com/script.js',
'https://tag.safary.club',
],
connectSrc: ["'self'", '*'],
imgSrc: ["'self'", 'https: data:'],
frameSrc: ["'self'", 'https://verify.walletconnect.com/'],
},
},
frameguard: false,
}),
)
// Allow cross‑origin `GET /manifest.json`
app.use('/manifest.json', (req, res, next) => {
res.set({
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'GET',
'Access-Control-Allow-Headers': 'X-Requested-With, Content-Type, Authorization',
})
next()
})
app.use(express.static(builtDirectory))
// SPA fallback: always return index.html
app.get('/{*splat}', async (req, res) => {
await res.sendFile(path.join(builtDirectory, 'index.html'))
})
app.listen(PORT, () => {
console.log(`Server started on port ${PORT}`)
})