Merge commit 'fe2667bb0d3487a32b9da5250402a90482a85fe2' into glitch-soc/merge-upstream

Conflicts:
- `app/lib/content_security_policy.rb`:
  Conflict caused by glitch-soc's support for the extra `EXTRA_DATA_HOSTS`
  environment variable.
  Ported upstream's changes while keeping support for `EXTRA_DATA_HOSTS`.

streaming/index.js

@@ -5,6 +5,7 @@ const http = require('http');
 const path = require('path');
 const url = require('url');
 
+const cors = require('cors');
 const dotenv = require('dotenv');
 const express = require('express');
 const Redis = require('ioredis');
@@ -187,6 +188,7 @@ const startServer = async () => {
 
   const pgPool = new pg.Pool(pgConfigFromEnv(process.env));
   const server = http.createServer(app);
+  app.use(cors());
 
   /**
    * @type {Object.<string, Array.<function(Object<string, any>): void>>}
@@ -327,19 +329,6 @@ const startServer = async () => {
     }
   };
 
-  /**
-   * @param {any} req
-   * @param {any} res
-   * @param {function(Error=): void} next
-   */
-  const allowCrossDomain = (req, res, next) => {
-    res.header('Access-Control-Allow-Origin', '*');
-    res.header('Access-Control-Allow-Headers', 'Authorization, Accept, Cache-Control');
-    res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
-
-    next();
-  };
-
   /**
    * @param {any} req
    * @param {any} res
@@ -994,7 +983,6 @@ const startServer = async () => {
 
   api.use(setRequestId);
   api.use(setRemoteAddress);
-  api.use(allowCrossDomain);
 
   api.use(authenticationMiddleware);
   api.use(errorMiddleware);

streaming/package.json

@@ -16,6 +16,7 @@
     "check:types": "tsc --noEmit"
   },
   "dependencies": {
+    "cors": "^2.8.5",
     "dotenv": "^16.0.3",
     "express": "^4.18.2",
     "ioredis": "^5.3.2",
@@ -28,6 +29,7 @@
     "ws": "^8.12.1"
   },
   "devDependencies": {
+    "@types/cors": "^2.8.16",
     "@types/express": "^4.17.17",
     "@types/npmlog": "^7.0.0",
     "@types/pg": "^8.6.6",