diff --git a/public/favicon.ico b/public/favicon.ico
new file mode 100644
index 0000000..bb4b92e
Binary files /dev/null and b/public/favicon.ico differ
diff --git a/public/index.html b/public/index.html
index 3ad8039..9300cbb 100644
--- a/public/index.html
+++ b/public/index.html
@@ -10,6 +10,8 @@
+
+
diff --git a/src/server.ts b/src/server.ts
index 23d1ab6..4b873d5 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -19,6 +19,25 @@ const soundcloud = new SoundCloudService();
// Middleware
app.use(express.json());
+app.use((req: Request, res: Response, next) => {
+ res.set('Content-Security-Policy',
+ 'default-src \'self\'; ' +
+ 'script-src \'self\' https://telegram.org \'unsafe-inline\'; ' +
+ 'style-src \'self\' \'unsafe-inline\'; ' +
+ 'img-src \'self\' data: https:; ' +
+ 'font-src \'self\'; ' +
+ 'connect-src \'self\' https://telegram.org; ' +
+ 'frame-ancestors \'self\'; ' +
+ 'base-uri \'self\'; ' +
+ 'form-action \'self\''
+ );
+ res.set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
+ res.set('Cross-Origin-Opener-Policy', 'same-origin');
+ res.set('X-Frame-Options', 'SAMEORIGIN');
+ res.set('X-Content-Type-Options', 'nosniff');
+ res.set('Referrer-Policy', 'strict-origin-when-cross-origin');
+ next();
+});
// Cache-busting middleware for iOS Safari
app.use('/dist/*.js', (req: Request, res: Response, next) => {
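Review bot: `'unsafe-inline'` in `script-src` lets any injected inline script run, so the policy gives little protection against XSS. If the inline scripts in `public/index.html` can move to files or carry a per-response nonce, the directive could become `'script-src \'self\' https://telegram.org; ' +`. The middleware is also registered after `app.use(express.json())`, so a request the body parser rejects skips it and the response does not get the headers set here (HSTS in particular); registering it before the parser would cover those responses. `preload` with `includeSubDomains` is a long-lived commitment for every subdomain, so a comment confirming that all of them serve HTTPS would help. If the app is meant to open inside Telegram's web client, as the telegram.org script source suggests it may be, `frame-ancestors 'self'` and `X-Frame-Options: SAMEORIGIN` would presumably block that embedding and should be confirmed.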
@@ -90,7 +109,7 @@ app.post('/api/search', async (req: Request, res: Response) => {
// Convert video to MP3
app.post('/api/convert', async (req: Request, res: Response) => {
try {
- const { videoId, title, userId, url, performer }: { videoId?: string; title?: string; userId?: string; url?: string; performer?: string } = req.body;
+ const { videoId, title, userId, url }: { videoId?: string; title?: string; userId?: string; url?: string } = req.body;
console.log('Convert request received:', { videoId, title, userId });
if (!videoId) {