From 17b7af9199f84363e8631f2969577ba0bb19aff5 Mon Sep 17 00:00:00 2001
From: Christy Jacob
Date: Wed, 23 Nov 2022 02:44:38 +0530
Subject: [PATCH 1/4] fix: add headers to console
---
 app/controllers/web/console.php | 18 ++++++++++++++++++
 app/controllers/web/home.php | 2 +-
 2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/app/controllers/web/console.php b/app/controllers/web/console.php
index 8115f09285..bfb925b1ae 100644
--- a/app/controllers/web/console.php
+++ b/app/controllers/web/console.php
@@ -1,8 +1,26 @@ groups(['web'])
+ ->inject('request')
+ ->inject('response')
+ ->action(function (Request $request, Response $response) {
+ $time = (60 * 60 * 24 * 45); // 45 days cache
+
+ $response
+ ->addHeader('Cache-Control', 'public, max-age=' . $time)
+ ->addHeader('Expires', \date('D, d M Y H:i:s', \time() + $time) . ' GMT') // 45 days cache
+ ->addHeader('X-Frame-Options', 'SAMEORIGIN') // Avoid console and homepage from showing in iframes
+ ->addHeader('X-XSS-Protection', '1; mode=block; report=/v1/xss?url=' . \urlencode($request->getURI()))
+ ->addHeader('X-UA-Compatible', 'IE=Edge') // Deny IE browsers from going into quirks mode
+ ;
+
+ });
+
 App::get('/console')
 ->alias('/')
 ->alias('/invite')
diff --git a/app/controllers/web/home.php b/app/controllers/web/home.php
index 04785fb338..9655db8a01 100644
--- a/app/controllers/web/home.php
+++ b/app/controllers/web/home.php
@@ -6,7 +6,7 @@ use Utopia\Config\Config;
 App::get('/versions')
 ->desc('Get Version')
- ->groups(['web', 'home'])
+ ->groups(['home'])
 ->label('scope', 'public')
 ->inject('response')
 ->action(function (Response $response) {
From 6a6a90a24cc6fe0eac4719bebf8f6a18f674bad3 Mon Sep 17 00:00:00 2001
From: Christy Jacob
Date: Wed, 23 Nov 2022 02:51:00 +0530
Subject: [PATCH 2/4] fix: review comments
---
 app/controllers/web/console.php | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/app/controllers/web/console.php b/app/controllers/web/console.php
index bfb925b1ae..42fe221062 100644
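Review bot: `X-XSS-Protection` in the new `addHeader` chain is a legacy header: most current browsers ignore it (the filter it controlled has been removed from the major engines) and its `report=` directive was only ever honoured by one of them, so the `/v1/xss` report URL built from `$request->getURI()` will rarely if ever be hit. Keeping it is harmless, but the protection it was meant to give now comes from a `Content-Security-Policy` header, whose `frame-ancestors 'self'` directive would also back up `X-Frame-Options: SAMEORIGIN`; `X-Content-Type-Options: nosniff` is the other cheap header worth adding to this hook. The opening of the chain (`App::init()` and `->groups(['web'])`) is not legible in this copy of the hunk, so the group binding is read from the `@@ -1,8 +1,26 @@` residue. Since the hook is bound to the `web` group, every route in that group now receives these headers, which I take to be why `/versions` is dropped from `web` in the same commit.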
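Review bot: Dropping `'web'` from the `groups` of `/versions` silently opts that route out of every hook bound to the `web` group, including the header hook this same commit adds in console.php, and nothing in the hunk records why. If the intent is that a JSON endpoint should not carry `X-Frame-Options` and the other console headers, a comment such as `// not in 'web': the console header hook does not apply to this JSON route` next to `->groups(['home'])` would keep the next reader from re-adding it. Whether other `home`-group hooks exist is not visible from this hunk, so that reading is inferred from the group names alone.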
--- a/app/controllers/web/console.php
+++ b/app/controllers/web/console.php
@@ -9,16 +9,11 @@ App::init()
 ->inject('request')
 ->inject('response')
 ->action(function (Request $request, Response $response) {
- $time = (60 * 60 * 24 * 45); // 45 days cache
-
 $response
- ->addHeader('Cache-Control', 'public, max-age=' . $time)
- ->addHeader('Expires', \date('D, d M Y H:i:s', \time() + $time) . ' GMT') // 45 days cache
 ->addHeader('X-Frame-Options', 'SAMEORIGIN') // Avoid console and homepage from showing in iframes
 ->addHeader('X-XSS-Protection', '1; mode=block; report=/v1/xss?url=' . \urlencode($request->getURI()))
 ->addHeader('X-UA-Compatible', 'IE=Edge') // Deny IE browsers from going into quirks mode
 ;
-
 });
 App::get('/console')
From 1262a07729267016e04ad3e7b7e467183f6016be Mon Sep 17 00:00:00 2001
From: Christy Jacob
Date: Wed, 23 Nov 2022 12:19:46 +0530
Subject: [PATCH 3/4] chore: update changelog
---
 CHANGES.md | 1 +
 app/console | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index e1655b069c..2c44004ab7 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,7 @@
 # Version 1.1.2
 ## Changes
 - Make `region` parameter optional with default for project create [#4763](https://github.com/appwrite/appwrite/pull/4763)
+- Add security headers to the console endpoint [#4758](https://github.com/appwrite/appwrite/pull/4758)
 # Version 1.1.1
 ## Bugs
diff --git a/app/console b/app/console
index f89584bdd4..b1a81a390a 160000
--- a/app/console
+++ b/app/console
@@ -1 +1 @@
-Subproject commit f89584bdd4ba3de07fb54cecbc275b131e23a4fb
+Subproject commit b1a81a390a05746701651fca49e0d853f430677c
From 8bf8c96b01c9bf2ae5f56af6a28115d3faf53e07 Mon Sep 17 00:00:00 2001
From: Christy Jacob
Date: Tue, 11 Jul 2023 18:43:28 +0000
Subject: [PATCH 4/4] feat: update console
---
 app/console | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/console b/app/console
index ac4181aea4..9174d8f8cb 160000
--- a/app/console
+++ b/app/console
@@ -1 +1 @@
-Subproject commit ac4181aea403d888e63cb527c700e80013c68ea8
+Subproject commit 9174d8f8cb584744dd7a53f69d324f490ee82ee3