squidy/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2025-12-19 15:07:22 -06:00
Code Issues Packages Projects Releases Wiki Activity

[WebUI]: add X-XSS-Protection, X-Content-Type-Options, CSP header

Browse Source
This commit is contained in:
Chocobo1
2017-02-05 12:19:47 +08:00
committed by sledgehammer999
parent f5ad04766f
commit 7756dd80f3
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/webui/abstractwebapplication.cpp
View File

@@ -108,6 +108,9 @@ Http::Response AbstractWebApplication::processRequest(const Http::Request &reque
// avoid clickjacking attacks
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN");
header(Http::HEADER_X_XSS_PROTECTION, "1; mode=block");
header(Http::HEADER_X_CONTENT_TYPE_OPTIONS, "nosniff");
header(Http::HEADER_CONTENT_SECURITY_POLICY, "default-src 'self' 'unsafe-inline' 'unsafe-eval';");
sessionInitialize();
if (!sessionActive() && !isAuthNeeded())