From 4e940f7fa0dac55d0f18aabd9992366ac97a36ad Mon Sep 17 00:00:00 2001 From: Ozzieisaacs Date: Fri, 8 May 2020 14:49:12 +0200 Subject: [PATCH] Added response header for improving security --- cps/web.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cps/web.py b/cps/web.py index d3d2111b..7ece77b1 100644 --- a/cps/web.py +++ b/cps/web.py @@ -130,6 +130,14 @@ if feature_support['ldap']: # log.error('Database request error: %s',e) # return internal_error(InternalServerError(e)) +@app.after_request +def add_security_headers(resp): + # resp.headers['Content-Security-Policy']= "script-src 'self' https://www.googleapis.com https://api.douban.com https://comicvine.gamespot.com;" + resp.headers['X-Content-Type-Options'] = 'nosniff' + resp.headers['X-Frame-Options'] = 'SAMEORIGIN' + resp.headers['X-XSS-Protection'] = '1; mode=block' + # resp.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' + return resp web = Blueprint('web', __name__) log = logger.create()