Update security headers in Apache configuration to enhance protection
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
Some checks failed
Code Analysis (JS/Vue) / analyze (push) Failing after 47s
This commit removes the X-Frame-Options header in favor of using Content Security Policy (CSP) with frame-ancestors for better flexibility and modern security practices. It also adds a fallback for frame-ancestors in case CSP is not enabled. Additionally, the JavaScript middleware is updated to reflect these changes, ensuring consistent security header management across the application.
This commit is contained in:
Torsten Schulz (local)
@@ -28,15 +28,19 @@ export default defineEventHandler(async (event) => {
|
||||
|
||||
// Merge members: combine manual + registered, detect duplicates
|
||||
const mergedMembers = []
|
||||
const processedEmails = new Set()
|
||||
const processedNames = new Set()
|
||||
|
||||
// Create lookup maps for O(1) matching instead of O(n) findIndex
|
||||
const emailToIndexMap = new Map() // email -> index in mergedMembers
|
||||
const nameToIndexMap = new Map() // name -> index in mergedMembers
|
||||
|
||||
// First, add all manual members
|
||||
for (const member of manualMembers) {
|
||||
// First, add all manual members and build lookup maps
|
||||
for (let i = 0; i < manualMembers.length; i++) {
|
||||
const member = manualMembers[i]
|
||||
const normalizedEmail = member.email?.toLowerCase().trim() || ''
|
||||
const fullName = `${member.firstName || ''} ${member.lastName || ''}`.trim()
|
||||
const normalizedName = fullName.toLowerCase()
|
||||
|
||||
const memberIndex = mergedMembers.length
|
||||
mergedMembers.push({
|
||||
...member,
|
||||
name: fullName, // Computed for display
|
||||
@@ -45,8 +49,19 @@ export default defineEventHandler(async (event) => {
|
||||
hasLogin: false
|
||||
})
|
||||
|
||||
if (normalizedEmail) processedEmails.add(normalizedEmail)
|
||||
if (normalizedName) processedNames.add(normalizedName)
|
||||
// Build lookup maps (only for manual members)
|
||||
if (normalizedEmail) {
|
||||
// Only add if not already present (prefer first occurrence)
|
||||
if (!emailToIndexMap.has(normalizedEmail)) {
|
||||
emailToIndexMap.set(normalizedEmail, memberIndex)
|
||||
}
|
||||
}
|
||||
if (normalizedName) {
|
||||
// Only add if not already present (prefer first occurrence)
|
||||
if (!nameToIndexMap.has(normalizedName)) {
|
||||
nameToIndexMap.set(normalizedName, memberIndex)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Then add registered users (only active ones)
|
||||
@@ -56,21 +71,35 @@ export default defineEventHandler(async (event) => {
|
||||
const normalizedEmail = user.email?.toLowerCase().trim() || ''
|
||||
const normalizedName = user.name?.toLowerCase().trim() || ''
|
||||
|
||||
// Check if this user matches an existing manual member
|
||||
// Check if this user matches an existing manual member using O(1) lookup
|
||||
let matchedManualIndex = -1
|
||||
|
||||
// Try to match by email first
|
||||
if (normalizedEmail) {
|
||||
matchedManualIndex = mergedMembers.findIndex(
|
||||
m => m.source === 'manual' && m.email?.toLowerCase().trim() === normalizedEmail
|
||||
)
|
||||
// Try to match by email first (O(1) lookup)
|
||||
if (normalizedEmail && emailToIndexMap.has(normalizedEmail)) {
|
||||
matchedManualIndex = emailToIndexMap.get(normalizedEmail)
|
||||
// Verify it's still a manual member (safety check)
|
||||
if (mergedMembers[matchedManualIndex]?.source !== 'manual') {
|
||||
matchedManualIndex = -1
|
||||
}
|
||||
}
|
||||
|
||||
// If no email match, try name
|
||||
if (matchedManualIndex === -1 && normalizedName) {
|
||||
matchedManualIndex = mergedMembers.findIndex(
|
||||
m => m.source === 'manual' && m.name?.toLowerCase().trim() === normalizedName
|
||||
)
|
||||
// If no email match, try name (O(1) lookup)
|
||||
if (matchedManualIndex === -1 && normalizedName && nameToIndexMap.has(normalizedName)) {
|
||||
matchedManualIndex = nameToIndexMap.get(normalizedName)
|
||||
// Verify it's still a manual member and email doesn't conflict (safety check)
|
||||
const candidate = mergedMembers[matchedManualIndex]
|
||||
if (candidate?.source === 'manual') {
|
||||
// Additional safety: if candidate has email, make sure it doesn't conflict
|
||||
const candidateEmail = candidate.email?.toLowerCase().trim() || ''
|
||||
if (!candidateEmail || candidateEmail === normalizedEmail) {
|
||||
// Safe to match by name
|
||||
} else {
|
||||
// Email mismatch - don't match by name alone
|
||||
matchedManualIndex = -1
|
||||
}
|
||||
} else {
|
||||
matchedManualIndex = -1
|
||||
}
|
||||
}
|
||||
|
||||
if (matchedManualIndex !== -1) {
|
||||
|
||||
Reference in New Issue
Block a user