Improve CSP
This commit is contained in:
parent
f55ea5a353
commit
49a6168607
2 changed files with 2 additions and 5 deletions
|
@ -21,7 +21,6 @@ async fn style() -> HttpResponse {
|
||||||
|
|
||||||
async fn robots() -> HttpResponse {
|
async fn robots() -> HttpResponse {
|
||||||
HttpResponse::Ok()
|
HttpResponse::Ok()
|
||||||
.content_type("text/plain")
|
|
||||||
.header("Cache-Control", "public, max-age=1209600, s-maxage=86400")
|
.header("Cache-Control", "public, max-age=1209600, s-maxage=86400")
|
||||||
.body("User-agent: *\nAllow: /")
|
.body("User-agent: *\nAllow: /")
|
||||||
}
|
}
|
||||||
|
@ -73,7 +72,7 @@ async fn main() -> std::io::Result<()> {
|
||||||
.header("Referrer-Policy", "no-referrer")
|
.header("Referrer-Policy", "no-referrer")
|
||||||
.header("X-Content-Type-Options", "nosniff")
|
.header("X-Content-Type-Options", "nosniff")
|
||||||
.header("X-Frame-Options", "DENY")
|
.header("X-Frame-Options", "DENY")
|
||||||
.header("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors: 'none';"))
|
.header("Content-Security-Policy", "default-src 'none'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none';"))
|
||||||
// Default service in case no routes match
|
// Default service in case no routes match
|
||||||
.default_service(web::get().to(|| utils::error("Nothing here".to_string())))
|
.default_service(web::get().to(|| utils::error("Nothing here".to_string())))
|
||||||
// Read static files
|
// Read static files
|
||||||
|
|
|
@ -3,13 +3,11 @@
|
||||||
<head>
|
<head>
|
||||||
{% block head %}
|
{% block head %}
|
||||||
<title>{% block title %}Libreddit{% endblock %}</title>
|
<title>{% block title %}Libreddit{% endblock %}</title>
|
||||||
<meta http-equiv="Referrer-Policy" content="no-referrer">
|
|
||||||
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors: 'none';">
|
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||||
<meta name="description" content="View on Libreddit, an alternative private front-end to Reddit.">
|
<meta name="description" content="View on Libreddit, an alternative private front-end to Reddit.">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
|
<link rel="shortcut icon" type="image/x-icon" href="/favicon.ico">
|
||||||
<link rel="stylesheet" href="/style.css">
|
<link rel="stylesheet" type="text/css" href="/style.css">
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
</head>
|
</head>
|
||||||
<body class="
|
<body class="
|
||||||
|
|
Loading…
Reference in a new issue