mirror of
https://github.com/dkmstr/openuds.git
synced 2024-12-22 13:34:04 +03:00
chore: Update Content-Security-Policy to include frame-ancestors 'none' for improved security
parent
5ba08e2896
commit
30fb0d0183
@ -93,7 +93,7 @@ def _process_response(
|
|||||||
response['X-XSS-Protection'] = '1; mode=block'
|
response['X-XSS-Protection'] = '1; mode=block'
|
||||||
# Add Content-Security-Policy, see https://www.owasp.org/index.php/Content_Security_Policy
|
# Add Content-Security-Policy, see https://www.owasp.org/index.php/Content_Security_Policy
|
||||||
response['Content-Security-Policy'] = (
|
response['Content-Security-Policy'] = (
|
||||||
"default-src 'self' 'unsafe-inline' 'unsafe-eval' uds: udss:; img-src 'self' https: data:;"
|
"default-src 'self' 'unsafe-inline' 'unsafe-eval' uds: udss:; img-src 'self' https: data:; frame-ancestors 'none';"
|
||||||
)
|
)
|
||||||
return response
|
return response
|
||||||
|
|
||||||
|
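Review bot: The added `frame-ancestors 'none'` is only enforced by browsers that implement CSP Level 2, and nothing visible in this hunk sends the legacy `X-Frame-Options` header alongside it. If no middleware outside the hunk already sets it, adding `response['X-Frame-Options'] = 'DENY'` next to the CSP assignment would keep the anti-framing behaviour consistent for older clients. `'none'` also forbids same-origin framing, so it is worth confirming that no page of the application is meant to be embedded by the application itself, in which case `'self'` would be the right value. Separately, `default-src` still carries `'unsafe-inline' 'unsafe-eval'`, so this policy restricts framing but does little against script injection; a short comment above the assignment saying so would stop readers from over-trusting the header. `_process_response` begins outside the hunk, so headers set earlier in the function are not visible here.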