mirrors/calibre-web
1
0
Fork 0
mirror of https://github.com/janeczku/calibre-web synced 2024-11-30 21:40:00 +00:00
Code Issues Releases Wiki Activity

Added response header for improving security

Browse Source
This commit is contained in:
Ozzieisaacs 2020-05-08 14:49:12 +02:00
parent 4368c182a0
commit 4e940f7fa0
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cps/web.py
View File

@ -130,6 +130,14 @@ if feature_support['ldap']:
# log.error('Database request error: %s',e) # log.error('Database request error: %s',e)
# return internal_error(InternalServerError(e)) # return internal_error(InternalServerError(e))
@app.after_request
def add_security_headers(resp):
# resp.headers['Content-Security-Policy']= "script-src 'self' https://www.googleapis.com https://api.douban.com https://comicvine.gamespot.com;"
resp.headers['X-Content-Type-Options'] = 'nosniff'
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
resp.headers['X-XSS-Protection'] = '1; mode=block'
# resp.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
return resp
web = Blueprint('web', __name__) web = Blueprint('web', __name__)
log = logger.create() log = logger.create()