mirror of
https://github.com/janeczku/calibre-web
synced 2024-12-18 22:20:30 +00:00
Improved CSRF protection
This commit is contained in:
parent
b82d03c12c
commit
b699796236
@ -84,7 +84,9 @@ except ImportError:
|
|||||||
|
|
||||||
@app.after_request
|
@app.after_request
|
||||||
def add_security_headers(resp):
|
def add_security_headers(resp):
|
||||||
resp.headers['Content-Security-Policy']= "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:"
|
resp.headers['Content-Security-Policy'] = "default-src 'self' 'unsafe-inline' 'unsafe-eval';"
|
||||||
|
if request.endpoint == "editbook.edit_book":
|
||||||
|
resp.headers['Content-Security-Policy'] += "img-src * data:"
|
||||||
resp.headers['X-Content-Type-Options'] = 'nosniff'
|
resp.headers['X-Content-Type-Options'] = 'nosniff'
|
||||||
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
||||||
resp.headers['X-XSS-Protection'] = '1; mode=block'
|
resp.headers['X-XSS-Protection'] = '1; mode=block'
|
||||||
|
Loading…
Reference in New Issue
Block a user