echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix CSP to allow inline style and refresh

Browse Source 
Add filter to all webapps
This commit is contained in:
zzz
2014-07-26 11:01:16 +00:00
parent 99401c5639
commit 4746d9eb80
16 changed files with 56 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
View File

@ -159,7 +159,7 @@ public class I2PSnarkServlet extends BasicServlet {
// this is the part after /i2psnark
String path = req.getServletPath();
resp.setHeader("X-Frame-Options", "SAMEORIGIN");
resp.setHeader("Content-Security-Policy", "default-src 'self'");
resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
resp.setHeader("X-XSS-Protection", "1; mode=block");
String peerParam = req.getParameter("p");