mirror of
				https://github.com/janeczku/calibre-web
				synced 2025-10-26 04:47:40 +00:00 
			
		
		
		
	Merge branch 'master' into Develop
This commit is contained in:
		| @@ -95,10 +95,10 @@ def add_security_headers(resp): | |||||||
|     if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive: |     if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive: | ||||||
|         csp += " *;" |         csp += " *;" | ||||||
|     elif request.endpoint == "web.read_book": |     elif request.endpoint == "web.read_book": | ||||||
|         csp += " style-src-elem 'self' blob: 'unsafe-inline';" |         csp += " blob:; style-src-elem 'self' blob: 'unsafe-inline';" | ||||||
|     else: |     else: | ||||||
|         csp += ";" |         csp += ";" | ||||||
|     csp += "object-src: 'none';" |     csp += " object-src 'none';" | ||||||
|     resp.headers['Content-Security-Policy'] = csp |     resp.headers['Content-Security-Policy'] = csp | ||||||
|     resp.headers['X-Content-Type-Options'] = 'nosniff' |     resp.headers['X-Content-Type-Options'] = 'nosniff' | ||||||
|     resp.headers['X-Frame-Options'] = 'SAMEORIGIN' |     resp.headers['X-Frame-Options'] = 'SAMEORIGIN' | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Ozzie Isaacs
					Ozzie Isaacs