rdelaage
/
invidious
mirror of https://github.com/iv-org/invidious.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix CSP for subdomains

This commit is contained in:
Omar Roth 2019-05-10 15:29:10 -05:00
parent fd8af88493
commit ddfd20d997
No known key found for this signature in database
GPG Key ID: B8254FB7EC3D37F2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/invidious.cr
View File

@ -187,9 +187,10 @@ end
proxies = PROXY_LIST
before_all do |env|
host_url = make_host_url(config, Kemal.config)
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
env.response.headers["X-Content-Type-Options"] = "nosniff"
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' https://*.googlevideo.com:443"
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' #{host_url} 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' #{host_url} https://*.googlevideo.com:443"
env.response.headers["Referrer-Policy"] = "same-origin"
if Kemal.config.ssl || config.https_only