oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Changing allow-origin to js files looks no longer necessary

Browse source
This commit is contained in:
shortcutme 2019-10-28 16:41:55 +01:00
parent 270f3e9ffd
commit e1d92bf0ec
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 0 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/Ui/UiRequest.py
View file

@ -278,8 +278,6 @@ class UiRequest(object):
headers["X-Frame-Options"] = "SAMEORIGIN"
if content_type != "text/html" and self.env.get("HTTP_REFERER") and self.isSameOrigin(self.getReferer(), self.getRequestUrl()):
headers["Access-Control-Allow-Origin"] = "*" # Allow load font files from css
if content_type == "text/javascript" and not self.env.get("HTTP_REFERER"):
headers["Access-Control-Allow-Origin"] = "*" # Allow loading JavaScript modules in Chrome
if noscript:
headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src 'self'; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline';"