echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Console, webapps: CSP improvements

Browse Source 
i2ptunnel, susidns: Add headers.jsi
Console: Remove onload and use nonce for inline scripts where able
Version remaining js links
This commit is contained in:
zzz
2019-12-25 12:18:00 +00:00
parent 63b48e30be
commit fa9f60bcd9
64 changed files with 118 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
View File

@ -414,7 +414,7 @@ public class I2PSnarkServlet extends BasicServlet {
resp.setContentType("text/html; charset=UTF-8");
// "no-store, max-age=0" forces all our images to be reloaded on ajax refresh
resp.setHeader("Cache-Control", "max-age=86400, no-cache, must-revalidate");
resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
resp.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'self'; object-src 'none'");
resp.setDateHeader("Expires", 86400);
resp.setHeader("Pragma", "no-cache");
resp.setHeader("X-Frame-Options", "SAMEORIGIN");