feat: import content + x-forwarded toggle

server/app/data.yml

@@ -45,6 +45,7 @@ defaults:
     security:
       securityIframe: true
       securityReferrerPolicy: true
+      securityTrustProxy: true
       securityHSTS: false
       securityHSTSDuration: 300
       securityCSP: false

server/graph/resolvers/site.js

@@ -46,6 +46,7 @@ module.exports = {
         WIKI.config.security = {
           securityIframe: args.securityIframe,
           securityReferrerPolicy: args.securityReferrerPolicy,
+          securityTrustProxy: args.securityTrustProxy,
           securityHSTS: args.securityHSTS,
           securityHSTSDuration: args.securityHSTSDuration,
           securityCSP: args.securityCSP,
@@ -53,6 +54,12 @@ module.exports = {
         }
         await WIKI.configSvc.saveToDb(['host', 'title', 'company', 'seo', 'logo', 'features', 'security'])
 
+        if (WIKI.config.security.securityTrustProxy) {
+          WIKI.app.enable('trust proxy')
+        } else {
+          WIKI.app.disable('trust proxy')
+        }
+
         return {
           responseResult: graphHelper.generateSuccess('Site configuration updated successfully')
         }

server/graph/schemas/site.graphql

@@ -38,6 +38,7 @@ type SiteMutation {
     featurePersonalWikis: Boolean!
     securityIframe: Boolean!
     securityReferrerPolicy: Boolean!
+    securityTrustProxy: Boolean!
     securityHSTS: Boolean!
     securityHSTSDuration: Int!
     securityCSP: Boolean!
@@ -64,6 +65,7 @@ type SiteConfig {
   featurePersonalWikis: Boolean!
   securityIframe: Boolean!
   securityReferrerPolicy: Boolean!
+  securityTrustProxy: Boolean!
   securityHSTS: Boolean!
   securityHSTSDuration: Int!
   securityCSP: Boolean!

server/master.js

@@ -48,7 +48,7 @@ module.exports = async () => {
   app.use(mw.security)
   app.use(cors(WIKI.config.cors))
   app.options('*', cors(WIKI.config.cors))
-  if (WIKI.config.trustProxy) {
+  if (WIKI.config.security.securityTrustProxy) {
     app.enable('trust proxy')
   }