iv-org-mirror/invidious-copy-2022-04-11
1
0
Fork 0
mirror of https://gitea.invidious.io/iv-org/invidious-copy-2022-04-11.git synced 2024-08-15 00:43:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add X-Frame-Options, X-XSS-Protection, and X-Content-Type-Options

Browse source
This commit is contained in:
Omar Roth 2018-09-05 21:06:30 -05:00
parent a749ac73ac
commit 96234e509f
2 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/invidious.cr
View file

@ -106,6 +106,9 @@ spawn do
end
before_all do |env|
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
env.response.headers["X-Content-Type-Options"] = "nosniff"
# CSRF
if Kemal.config.ssl || CONFIG.https_only
host = env.request.headers["Host"]?
@ -2945,6 +2948,7 @@ public_folder "assets"
Kemal.config.powered_by_header = false
add_handler FilteredCompressHandler.new
add_handler DenyFrame.new
add_context_storage_type(User)
Kemal.run

11
src/invidious/helpers/helpers.cr
View file

@ -41,6 +41,17 @@ class FilteredCompressHandler < Kemal::Handler
end
end
class DenyFrame < Kemal::Handler
exclude ["/embed/*"]
def call(env)
return call_next env if exclude_match? env
env.response.headers["X-Frame-Options"] = "sameorigin"
call_next env
end
end
def rank_videos(db, n, filter, url)
top = [] of {Float64, String}