NunoSempere/calibre-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'csp/patch-2'

Browse Source 
Updated testresult
This commit is contained in:
Ozzie Isaacs 2023-02-07 18:38:25 +01:00
commit 63a3edd429
3 changed files with 218 additions and 414 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cps/web.py
View File

@ -91,10 +91,10 @@ def add_security_headers(resp):
if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive: if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive:
csp += " *;" csp += " *;"
elif request.endpoint == "web.read_book": elif request.endpoint == "web.read_book":
csp += " style-src-elem 'self' blob: 'unsafe-inline';" csp += " blob:; style-src-elem 'self' blob: 'unsafe-inline';"
else: else:
csp += ";" csp += ";"
csp += "object-src: 'none';" csp += " object-src 'none';"
resp.headers['Content-Security-Policy'] = csp resp.headers['Content-Security-Policy'] = csp
resp.headers['X-Content-Type-Options'] = 'nosniff' resp.headers['X-Content-Type-Options'] = 'nosniff'
resp.headers['X-Frame-Options'] = 'SAMEORIGIN' resp.headers['X-Frame-Options'] = 'SAMEORIGIN'

2
setup.cfg
View File

@ -38,7 +38,7 @@ console_scripts =
[options] [options]
include_package_data = True include_package_data = True
install_requires = install_requires =
APScheduler>=3.6.3,<3.10.0 APScheduler>=3.6.3,<3.11.0
werkzeug<2.1.0 werkzeug<2.1.0
Babel>=1.3,<3.0 Babel>=1.3,<3.0
Flask-Babel>=0.11.1,<3.1.0 Flask-Babel>=0.11.1,<3.1.0

626
test/Calibre-Web TestSummary_Linux.html
View File

File diff suppressed because it is too large Load Diff