mirror of
https://github.com/qbittorrent/qBittorrent.git
synced 2024-12-27 08:19:30 +08:00
[WebUI]: add X-XSS-Protection, X-Content-Type-Options, CSP header
This commit is contained in:
parent
f5ad04766f
commit
7756dd80f3
@ -44,6 +44,9 @@ namespace Http
|
|||||||
const QString HEADER_CONTENT_LENGTH = "Content-Length";
|
const QString HEADER_CONTENT_LENGTH = "Content-Length";
|
||||||
const QString HEADER_CACHE_CONTROL = "Cache-Control";
|
const QString HEADER_CACHE_CONTROL = "Cache-Control";
|
||||||
const QString HEADER_X_FRAME_OPTIONS = "X-Frame-Options";
|
const QString HEADER_X_FRAME_OPTIONS = "X-Frame-Options";
|
||||||
|
const QString HEADER_X_XSS_PROTECTION = "X-XSS-Protection";
|
||||||
|
const QString HEADER_X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options";
|
||||||
|
const QString HEADER_CONTENT_SECURITY_POLICY = "Content-Security-Policy";
|
||||||
|
|
||||||
const QString CONTENT_TYPE_CSS = "text/css; charset=UTF-8";
|
const QString CONTENT_TYPE_CSS = "text/css; charset=UTF-8";
|
||||||
const QString CONTENT_TYPE_GIF = "image/gif";
|
const QString CONTENT_TYPE_GIF = "image/gif";
|
||||||
|
@ -108,6 +108,9 @@ Http::Response AbstractWebApplication::processRequest(const Http::Request &reque
|
|||||||
|
|
||||||
// avoid clickjacking attacks
|
// avoid clickjacking attacks
|
||||||
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
|
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
|
||||||
|
header(Http::HEADER_X_XSS_PROTECTION, "1; mode=block");
|
||||||
|
header(Http::HEADER_X_CONTENT_TYPE_OPTIONS, "nosniff");
|
||||||
|
header(Http::HEADER_CONTENT_SECURITY_POLICY, "default-src 'self' 'unsafe-inline' 'unsafe-eval';");
|
||||||
|
|
||||||
sessionInitialize();
|
sessionInitialize();
|
||||||
if (!sessionActive() && !isAuthNeeded())
|
if (!sessionActive() && !isAuthNeeded())
|
||||||
|
Loading…
Reference in New Issue
Block a user