oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add allow-origin header for media requests from same origin to fix css font support

Browse source
This commit is contained in:
shortcutme 2017-07-09 14:11:44 +02:00
parent 434cfce32a
commit 5950b04c40
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/Ui/UiRequest.py
View file

@ -190,7 +190,8 @@ class UiRequest(object):
headers.append(("Connection", "Keep-Alive")) headers.append(("Connection", "Keep-Alive"))
headers.append(("Keep-Alive", "max=25, timeout=30")) headers.append(("Keep-Alive", "max=25, timeout=30"))
headers.append(("X-Frame-Options", "SAMEORIGIN")) headers.append(("X-Frame-Options", "SAMEORIGIN"))
# headers.append(("Content-Security-Policy", "default-src 'self' data: 'unsafe-inline' ws://127.0.0.1:* http://127.0.0.1:* wss://tracker.webtorrent.io; sandbox allow-same-origin allow-top-navigation allow-scripts")) # Only local connections if content_type != "text/html" and self.env.get("HTTP_REFERER") and self.isSameOrigin(self.getReferer(), self.getRequestUrl()):
headers.append(("Access-Control-Allow-Origin", "*")) # Allow load font files from css
if self.env["REQUEST_METHOD"] == "OPTIONS": if self.env["REQUEST_METHOD"] == "OPTIONS":
# Allow json access # Allow json access
headers.append(("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Cookie")) headers.append(("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Cookie"))