NunoSempere/calibre-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improved CSRF protection

Browse Source
This commit is contained in:
Ozzie Isaacs 2021-10-03 08:03:14 +02:00
parent b82d03c12c
commit b699796236
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cps/web.py
View File

@ -84,7 +84,9 @@ except ImportError:
@app.after_request @app.after_request
def add_security_headers(resp): def add_security_headers(resp):
resp.headers['Content-Security-Policy']= "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:" resp.headers['Content-Security-Policy'] = "default-src 'self' 'unsafe-inline' 'unsafe-eval';"
if request.endpoint == "editbook.edit_book":
resp.headers['Content-Security-Policy'] += "img-src * data:"
resp.headers['X-Content-Type-Options'] = 'nosniff' resp.headers['X-Content-Type-Options'] = 'nosniff'
resp.headers['X-Frame-Options'] = 'SAMEORIGIN' resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
resp.headers['X-XSS-Protection'] = '1; mode=block' resp.headers['X-XSS-Protection'] = '1; mode=block'