d4708
/
qBittorrent
mirror of https://github.com/d47081/qBittorrent.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #9001 from Chocobo1/csp 

Improve WebUI security measures
adaptive-webui-19844
Mike Tzou 7 years ago committed by GitHub
parent
93d4f2d595 e8d378e167
commit
6e96bbb2e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      src/webui/webapplication.cpp

5
src/webui/webapplication.cpp
Unescape View File

@ -533,11 +533,14 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons @@ -533,11 +533,14 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
header(Http::HEADER_X_XSS_PROTECTION, "1; mode=block");
header(Http::HEADER_X_CONTENT_TYPE_OPTIONS, "nosniff");
QString csp = QLatin1String("default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none';");
if (m_isClickjackingProtectionEnabled) {
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
header(Http::HEADER_CONTENT_SECURITY_POLICY, "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none';");
csp += QLatin1String(" frame-ancestors 'self';");
}
header(Http::HEADER_CONTENT_SECURITY_POLICY, csp);
return response();
}

Write Preview
Loading…
Cancel
Save