oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

X-Frame-Options

Browse source
This commit is contained in:
MuxZeroNet 2017-01-06 01:44:22 +00:00 committed by GitHub
parent 431415c052
commit da7821a3a9
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/Ui/UiRequest.py
View file

@ -144,6 +144,7 @@ class UiRequest(object):
headers.append(("Keep-Alive", "max=25, timeout=30")) headers.append(("Keep-Alive", "max=25, timeout=30"))
if content_type != "text/html": if content_type != "text/html":
headers.append(("Access-Control-Allow-Origin", "*")) # Allow json access on non-html files headers.append(("Access-Control-Allow-Origin", "*")) # Allow json access on non-html files
headers.append(("X-Frame-Options", "SAMEORIGIN"))
# headers.append(("Content-Security-Policy", "default-src 'self' data: 'unsafe-inline' ws://127.0.0.1:* http://127.0.0.1:* wss://tracker.webtorrent.io; sandbox allow-same-origin allow-top-navigation allow-scripts")) # Only local connections # headers.append(("Content-Security-Policy", "default-src 'self' data: 'unsafe-inline' ws://127.0.0.1:* http://127.0.0.1:* wss://tracker.webtorrent.io; sandbox allow-same-origin allow-top-navigation allow-scripts")) # Only local connections
if self.env["REQUEST_METHOD"] == "OPTIONS": if self.env["REQUEST_METHOD"] == "OPTIONS":
# Allow json access # Allow json access