Git-Mirrors/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2024-10-01 01:35:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Update the Content-Security-Policy: remove style-src and script-src which are inherited by default-src. Add frame-ancestors, form-action and base-uri which do not inherit default-src

Browse Source
This commit is contained in:
Miguel Jacq 2021-04-29 10:09:44 +10:00
parent 470fb2bda3
commit 330e602694
No known key found for this signature in database
GPG Key ID: EEA4341C6D97A0B6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cli/onionshare_cli/web/web.py
View File

@ -310,7 +310,7 @@ class Web:
if not self.settings.get("website", "disable_csp") or self.mode != "website": if not self.settings.get("website", "disable_csp") or self.mode != "website":
r.headers.set( r.headers.set(
"Content-Security-Policy", "Content-Security-Policy",
"default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self' data:;", "default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; img-src 'self' data:;",
) )
return r return r