From e1d92bf0ecb0da3272ee59bb886e623ebc69744d Mon Sep 17 00:00:00 2001 From: shortcutme Date: Mon, 28 Oct 2019 16:41:55 +0100 Subject: [PATCH] Changing allow-origin to js files looks no longer necessary --- src/Ui/UiRequest.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py index 3f50e020..63218f1b 100644 --- a/src/Ui/UiRequest.py +++ b/src/Ui/UiRequest.py @@ -278,8 +278,6 @@ class UiRequest(object): headers["X-Frame-Options"] = "SAMEORIGIN" if content_type != "text/html" and self.env.get("HTTP_REFERER") and self.isSameOrigin(self.getReferer(), self.getRequestUrl()): headers["Access-Control-Allow-Origin"] = "*" # Allow load font files from css - if content_type == "text/javascript" and not self.env.get("HTTP_REFERER"): - headers["Access-Control-Allow-Origin"] = "*" # Allow loading JavaScript modules in Chrome if noscript: headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src 'self'; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline';"