HelloZeroNet/ZeroNet
1
0
Fork 0
mirror of https://github.com/HelloZeroNet/ZeroNet.git synced 2023-12-14 04:33:03 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #743 from MuxZeroNet/patch-1

Browse source 
Add X-Frame-Options header
This commit is contained in:
ZeroNet 2017-01-06 13:29:00 +01:00 committed by GitHub
parent 6f2445c417 da7821a3a9
commit 8ef7e0a772
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/Ui/UiRequest.py
View file

@ -144,6 +144,7 @@ class UiRequest(object):
headers.append(("Keep-Alive", "max=25, timeout=30"))
if content_type != "text/html":
headers.append(("Access-Control-Allow-Origin", "*")) # Allow json access on non-html files
headers.append(("X-Frame-Options", "SAMEORIGIN"))
# headers.append(("Content-Security-Policy", "default-src 'self' data: 'unsafe-inline' ws://127.0.0.1:* http://127.0.0.1:* wss://tracker.webtorrent.io; sandbox allow-same-origin allow-top-navigation allow-scripts")) # Only local connections
if self.env["REQUEST_METHOD"] == "OPTIONS":
# Allow json access