d4708/qBittorrent
1
0
Fork 0
mirror of https://github.com/d47081/qBittorrent.git synced 2025-02-02 18:04:32 +00:00
Code Issues Projects Releases Wiki Activity

Enforce referrer-policy in WebUI

Browse Source 
This stops leaking private data to other websites via Referrer header.
This commit is contained in:
Chocobo1 2018-12-10 22:14:53 +08:00
parent e1f19b7c75
commit 7fd30fa90f
No known key found for this signature in database
GPG Key ID: 210D9C873253A68C
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/base/http/types.h
View File

@ -52,6 +52,7 @@ namespace Http
const char HEADER_HOST[] = "host"; const char HEADER_HOST[] = "host";
const char HEADER_ORIGIN[] = "origin"; const char HEADER_ORIGIN[] = "origin";
const char HEADER_REFERER[] = "referer"; const char HEADER_REFERER[] = "referer";
const char HEADER_REFERRER_POLICY[] = "referrer-policy";
const char HEADER_SET_COOKIE[] = "set-cookie"; const char HEADER_SET_COOKIE[] = "set-cookie";
const char HEADER_X_CONTENT_TYPE_OPTIONS[] = "x-content-type-options"; const char HEADER_X_CONTENT_TYPE_OPTIONS[] = "x-content-type-options";
const char HEADER_X_FORWARDED_HOST[] = "x-forwarded-host"; const char HEADER_X_FORWARDED_HOST[] = "x-forwarded-host";

4
src/webui/webapplication.cpp
View File

@ -570,9 +570,11 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
if (m_isHttpsEnabled) { if (m_isHttpsEnabled) {
csp += QLatin1String(" upgrade-insecure-requests;"); csp += QLatin1String(" upgrade-insecure-requests;");
} }
header(Http::HEADER_CONTENT_SECURITY_POLICY, csp); header(Http::HEADER_CONTENT_SECURITY_POLICY, csp);
if (!m_isAltUIUsed)
header(Http::HEADER_REFERRER_POLICY, "same-origin");
return response(); return response();
} }