echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8fa3e45e4799334f99f69b4185fd15a78cab0c07
i2p.i2p/apps/i2ptunnel/jsp/headers.jsi
zzz fa9f60bcd9 Console, webapps: CSP improvements 
i2ptunnel, susidns: Add headers.jsi
Console: Remove onload and use nonce for inline scripts where able
Version remaining js links
2019-12-25 12:18:00 +00:00

16 lines
738 B
Plaintext
Raw Blame History

<%
// NOTE: Do the header carefully so there is no whitespace before the <?xml... line
// http://www.crazysquirrel.com/computing/general/form-encoding.jspx
if (request.getCharacterEncoding() == null)
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; frame-ancestors 'self'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("Referrer-Policy", "no-referrer");
response.setHeader("Accept-Ranges", "none");
%>
Reference in New Issue View Git Blame Copy Permalink