Automatically add Content-Security-Policy header to response headers in the UI

This commit is contained in:
Théophile Diot 2023-06-05 14:05:10 -04:00
parent 5c7cd38b51
commit afe6da4cf5
No known key found for this signature in database
GPG Key ID: E752C80DB72BB014
1 changed files with 11 additions and 6 deletions


@ -247,10 +247,6 @@ def update_config():
server_name = service.get("SERVER_NAME", {"value": None})["value"]
endpoint = service.get("REVERSE_PROXY_URL", {"value": "/"})["value"]
logger.warning(service.get("AUTO_LETS_ENCRYPT", {"value": "no"}))
logger.warning(service.get("GENERATE_SELF_SIGNED_SSL", {"value": "no"}))
logger.warning(service.get("USE_CUSTOM_SSL", {"value": "no"}))
if any(
[
service.get("AUTO_LETS_ENCRYPT", {"value": "no"})["value"] == "yes",
@ -282,9 +278,9 @@ def update_config():
if SCRIPT_NAME != getenv("SCRIPT_NAME"):
environ["SCRIPT_NAME"] = f"/{basename(ABSOLUTE_URI[:-1])}"
logger.info(f"The script name is now {environ['SCRIPT_NAME']}")
logger.info(f"The SCRIPT_NAME is now {environ['SCRIPT_NAME']}")
else:
logger.info(f"The script name is still {environ['SCRIPT_NAME']}")
logger.info(f"The SCRIPT_NAME is still {environ['SCRIPT_NAME']}")
def check_config_changes():
@ -387,6 +383,15 @@ def manage_bunkerweb(method: str, *args, operation: str = "reloads"):
app.config["RELOADING"] = False
@app.after_request
def set_csp_header(response):
"""Set the Content-Security-Policy header to prevent XSS attacks."""
response.headers[
"Content-Security-Policy"
] = "object-src 'none'; frame-ancestors 'self';"
return response
@login_manager.user_loader
def load_user(user_id):
return User(user_id, vars["ADMIN_PASSWORD"])
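Review bot: The docstring on `set_csp_header` claims the header is there "to prevent XSS attacks", but the policy it sets, `object-src 'none'; frame-ancestors 'self';`, contains no `default-src` or `script-src` directive, so script execution is left unrestricted and the header does not mitigate XSS; what it does restrict is plugin content and framing by other origins (clickjacking). Either the docstring should match the policy, e.g. `"""Set a baseline Content-Security-Policy: block plugin content (object-src) and framing by other origins (frame-ancestors)."""`, or, if script restriction is the intent, a `default-src`/`script-src` directive should be added once the templates' use of inline scripts and external resources has been checked so the UI is not broken. The assignment also unconditionally overwrites any `Content-Security-Policy` a view may already have set on the response; if per-view policies are ever expected, `response.headers.setdefault(...)` would preserve them, though nothing in this hunk shows such a view exists. The hunks at lines 13 and 22 are a debug-log removal and a message wording change and need no further comment.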