Merge branch 'next' into QT-262

api/api.js

@@ -109,8 +109,8 @@ plugins.connectToAllDatabases().then(function() {
         password_rotation: 3,
         password_autocomplete: true,
         robotstxt: "User-agent: *\nDisallow: /",
-        dashboard_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000 ; includeSubDomains\nX-Content-Type-Options: nosniff",
-        api_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nAccess-Control-Allow-Origin:*",
+        dashboard_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nX-Content-Type-Options: nosniff",
+        api_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nAccess-Control-Allow-Origin:*",
         dashboard_rate_limit_window: 60,
         dashboard_rate_limit_requests: 500,
         proxy_hostname: "",

bin/commands/scripts/apidocs.sh

@@ -12,5 +12,7 @@ then
 elif [ "$1" = "generate" ]; then
     echo 'yes'
     echo "$DIR/../../../../plugins/"
+    npm install apidoc;
+    npm install apidoc-template;
     "$DIR/../../../node_modules/.bin/apidoc" -c "$DIR/../../../apidoc.json" -f "api/.*\\.js$" -i "$DIR/../../../plugins/" -o "$DIR/../../../frontend/express/public/apidoc/" -t "$DIR/../../../node_modules/apidoc-template/template/";
 fi

bin/commands/scripts/docs.sh

@@ -20,7 +20,7 @@ elif [ "$1" = "generate" ]; then
     npx jsdoc "$DIR/../../../frontend/express/app.js" "$DIR/../../../frontend/express/config.sample.js" "$DIR/../../../frontend/express/version.info.js" "$DIR/../../../frontend/express/locale.conf.js" "$DIR/../../../frontend/express/libs/" -R "$DIR/../../../README.md" -c  "$DIR/../../../jsdoc_conf.json" -d  "$DIR/../../../frontend/express/public/docs/app" ;
 
     #apidoc
-    npx apidoc -i "$DIR/../../../" -o "$DIR/../../../frontend/express/public/docs/apidoc" -f ".*\\.js$" -e "node_modules" ;
+    npm install apidoc; npm install apidoc-template; npx apidoc -i "$DIR/../../../" -o "$DIR/../../../frontend/express/public/docs/apidoc" -f ".*\\.js$" -e "node_modules" ;
 
     #add redirect for main folder
     echo "<html><head><meta http-equiv='Refresh' content='0; url=./api/index.html'/><script type='javascript'>window.location = './api/index.html';</script></head></html>" > "$DIR/../../../frontend/express/public/docs/index.html"

frontend/express/app.js

@@ -151,8 +151,8 @@ plugins.setConfigs("security", {
     password_rotation: 3,
     password_autocomplete: true,
     robotstxt: "User-agent: *\nDisallow: /",
-    dashboard_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000 ; includeSubDomains\nX-Content-Type-Options: nosniff",
-    api_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nAccess-Control-Allow-Origin:*",
+    dashboard_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nX-Content-Type-Options: nosniff",
+    api_additional_headers: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nAccess-Control-Allow-Origin:*",
     dashboard_rate_limit_window: 60,
     dashboard_rate_limit_requests: 500
 });

frontend/express/public/.well-known/security.txt

@@ -0,0 +1,7 @@
+# If you would like to report a security issue with Countly Server, Countly SDKs
+# please get in touch via the below method
+Contact: mailto:[email protected]
+Expires: 2025-03-14T00:00:00.000Z
+Preferred-Languages: en
+Canonical: https://securitytxt.org/.well-known/security.txt
+Policy: https://countly.com/legal/privacy-policy