mirror of https://github.com/dkmstr/openuds.git synced 2024-12-22 13:34:04 +03:00

chore: Update Content-Security-Policy to include frame-ancestors 'none' for improved security

Adolfo Gómez García 2024-08-19 22:56:39 +02:00
parent 5ba08e2896
commit 30fb0d0183
No known key found for this signature in database
GPG Key ID: DD1ABF20724CDA23


@ -93,7 +93,7 @@ def _process_response(
response['X-XSS-Protection'] = '1; mode=block' response['X-XSS-Protection'] = '1; mode=block'
# Add Content-Security-Policy, see https://www.owasp.org/index.php/Content_Security_Policy # Add Content-Security-Policy, see https://www.owasp.org/index.php/Content_Security_Policy
response['Content-Security-Policy'] = ( response['Content-Security-Policy'] = (
"default-src 'self' 'unsafe-inline' 'unsafe-eval' uds: udss:; img-src 'self' https: data:;" "default-src 'self' 'unsafe-inline' 'unsafe-eval' uds: udss:; img-src 'self' https: data:; frame-ancestors 'none';"
) )
return response return response
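Review bot: The `frame-ancestors 'none'` directive added to the `Content-Security-Policy` string is only enforced by browsers that implement CSP Level 2, and nothing in this hunk shows a matching `X-Frame-Options` header. If that header is not already set earlier in `_process_response` or by Django's clickjacking middleware (both outside the visible lines), add `response['X-Frame-Options'] = 'DENY'` next to it so older clients get the same anti-framing protection. `'none'` also forbids same-origin framing, so if any UDS page is embedded in an iframe by the application itself, that page would need `'self'` instead; this is worth confirming with a test that loads those views. A short comment such as `# frame-ancestors does not fall back to default-src, so it must be listed explicitly` would record why the directive is there.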