Mirrored_Repos/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-11-04 06:31:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix CSP for subdomains

Browse Source
This commit is contained in:
Omar Roth
2019-05-10 15:29:10 -05:00
parent fd8af88493
commit ddfd20d997
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/invidious.cr
View File

@@ -187,9 +187,10 @@ end
proxies = PROXY_LIST
before_all do |env|
host_url = make_host_url(config, Kemal.config)
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
env.response.headers["X-Content-Type-Options"] = "nosniff"
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' https://*.googlevideo.com:443"
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' #{host_url} 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' #{host_url} https://*.googlevideo.com:443"
env.response.headers["Referrer-Policy"] = "same-origin"
if Kemal.config.ssl || config.https_only