mirror of
https://gitea.invidious.io/iv-org/invidious-copy-2023-06-08.git
synced 2024-08-15 00:53:38 +00:00
Fix CSP for subdomains
This commit is contained in:
parent
fd8af88493
commit
ddfd20d997
1 changed files with 2 additions and 1 deletions
|
@ -187,9 +187,10 @@ end
|
||||||
proxies = PROXY_LIST
|
proxies = PROXY_LIST
|
||||||
|
|
||||||
before_all do |env|
|
before_all do |env|
|
||||||
|
host_url = make_host_url(config, Kemal.config)
|
||||||
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
|
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
|
||||||
env.response.headers["X-Content-Type-Options"] = "nosniff"
|
env.response.headers["X-Content-Type-Options"] = "nosniff"
|
||||||
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' https://*.googlevideo.com:443"
|
env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' #{host_url} 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' #{host_url} https://*.googlevideo.com:443"
|
||||||
env.response.headers["Referrer-Policy"] = "same-origin"
|
env.response.headers["Referrer-Policy"] = "same-origin"
|
||||||
|
|
||||||
if Kemal.config.ssl || config.https_only
|
if Kemal.config.ssl || config.https_only
|
||||||
|
|
Loading…
Reference in a new issue