NunoSempere/calibre-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'csp/patch-2'

Browse Source
This commit is contained in:
Ozzie Isaacs 2023-02-07 18:38:25 +01:00
commit 5b5146a793
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cps/web.py
View File

@ -91,10 +91,10 @@ def add_security_headers(resp):
if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive: if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive:
csp += " *;" csp += " *;"
elif request.endpoint == "web.read_book": elif request.endpoint == "web.read_book":
csp += " style-src-elem 'self' blob: 'unsafe-inline';" csp += " blob:; style-src-elem 'self' blob: 'unsafe-inline';"
else: else:
csp += ";" csp += ";"
csp += "object-src: 'none';" csp += " object-src 'none';"
resp.headers['Content-Security-Policy'] = csp resp.headers['Content-Security-Policy'] = csp
resp.headers['X-Content-Type-Options'] = 'nosniff' resp.headers['X-Content-Type-Options'] = 'nosniff'
resp.headers['X-Frame-Options'] = 'SAMEORIGIN' resp.headers['X-Frame-Options'] = 'SAMEORIGIN'