mirror of
https://github.com/qbittorrent/qBittorrent.git
synced 2024-12-21 08:09:35 +08:00
Enforce referrer-policy in WebUI
This stops leaking private data to other websites via Referrer header.
This commit is contained in:
parent
e1f19b7c75
commit
7fd30fa90f
@ -52,6 +52,7 @@ namespace Http
|
||||
const char HEADER_HOST[] = "host";
|
||||
const char HEADER_ORIGIN[] = "origin";
|
||||
const char HEADER_REFERER[] = "referer";
|
||||
const char HEADER_REFERRER_POLICY[] = "referrer-policy";
|
||||
const char HEADER_SET_COOKIE[] = "set-cookie";
|
||||
const char HEADER_X_CONTENT_TYPE_OPTIONS[] = "x-content-type-options";
|
||||
const char HEADER_X_FORWARDED_HOST[] = "x-forwarded-host";
|
||||
|
@ -570,9 +570,11 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
|
||||
if (m_isHttpsEnabled) {
|
||||
csp += QLatin1String(" upgrade-insecure-requests;");
|
||||
}
|
||||
|
||||
header(Http::HEADER_CONTENT_SECURITY_POLICY, csp);
|
||||
|
||||
if (!m_isAltUIUsed)
|
||||
header(Http::HEADER_REFERRER_POLICY, "same-origin");
|
||||
|
||||
return response();
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user