Diffstat (limited to 'service/pixelated/config/site.py')
-rw-r--r--service/pixelated/config/site.py11
1 files changed, 7 insertions, 4 deletions
diff --git a/service/pixelated/config/site.py b/service/pixelated/config/site.py
index 8806366a..6a29c478 100644
--- a/service/pixelated/config/site.py
+++ b/service/pixelated/config/site.py
@@ -2,12 +2,15 @@ from twisted.web.server import Site, Request
class AddCSPHeaderRequest(Request):
- HEADER_VALUES = "default-src 'self'; style-src 'self' 'unsafe-inline'"
+ CSP_HEADER_VALUES = "default-src 'self'; style-src 'self' 'unsafe-inline'"
def process(self):
- self.setHeader("Content-Security-Policy", self.HEADER_VALUES)
- self.setHeader("X-Content-Security-Policy", self.HEADER_VALUES)
- self.setHeader("X-Webkit-CSP", self.HEADER_VALUES)
+ self.setHeader('Content-Security-Policy', self.CSP_HEADER_VALUES)
+ self.setHeader('X-Content-Security-Policy', self.CSP_HEADER_VALUES)
+ self.setHeader('X-Webkit-CSP', self.CSP_HEADER_VALUES)
+ self.setHeader('X-Frame-Options', 'SAMEORIGIN')
+ self.setHeader('X-XSS-Protection', '1; mode=block')
+ self.setHeader('X-Content-Type-Options', 'nosniff')
if self.isSecure():
self.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')