1
0
mirror of https://github.com/janeczku/calibre-web synced 2024-11-28 12:30:00 +00:00

Remove include subdomwains from hsts protection (#2114)

This commit is contained in:
Ozzie Isaacs 2021-10-23 09:45:04 +02:00
parent fe4db16a7e
commit bd0071354c

View File

@ -88,7 +88,7 @@ def add_security_headers(resp):
resp.headers['X-Content-Type-Options'] = 'nosniff' resp.headers['X-Content-Type-Options'] = 'nosniff'
resp.headers['X-Frame-Options'] = 'SAMEORIGIN' resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
resp.headers['X-XSS-Protection'] = '1; mode=block' resp.headers['X-XSS-Protection'] = '1; mode=block'
resp.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains' resp.headers['Strict-Transport-Security'] = 'max-age=31536000;'
return resp return resp
web = Blueprint('web', __name__) web = Blueprint('web', __name__)
@ -605,14 +605,6 @@ def render_language_books(page, name, order):
except KeyError: except KeyError:
abort(404) abort(404)
#try:
# cur_l = LC.parse(name)
# lang_name = cur_l.get_language_name(get_locale())
#except UnknownLocaleError:
# try:
# lang_name = _(isoLanguages.get(part3=name).name)
# except KeyError:
# abort(404)
entries, random, pagination = calibre_db.fill_indexpage(page, 0, entries, random, pagination = calibre_db.fill_indexpage(page, 0,
db.Books, db.Books,
db.Books.languages.any(db.Languages.lang_code == name), db.Books.languages.any(db.Languages.lang_code == name),