mirrors/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2024-11-29 05:48:47 +03:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #9001 from Chocobo1/csp

Browse source 
Improve WebUI security measures
This commit is contained in:
Mike Tzou 2018-05-31 00:34:21 +08:00 committed by GitHub
commit 6e96bbb2e9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/webui/webapplication.cpp
View file

@ -533,11 +533,14 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
header(Http::HEADER_X_XSS_PROTECTION, "1; mode=block");
header(Http::HEADER_X_CONTENT_TYPE_OPTIONS, "nosniff");
QString csp = QLatin1String("default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none';");
if (m_isClickjackingProtectionEnabled) {
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
header(Http::HEADER_CONTENT_SECURITY_POLICY, "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none';");
csp += QLatin1String(" frame-ancestors 'self';");
}
header(Http::HEADER_CONTENT_SECURITY_POLICY, csp);
return response();
}