disable xss protection on registration form to ensure captcha works

rimu 2024-01-18 15:26:37 +13:00
parent 8aa3f0d9af
commit 20997bd258


@ -4,7 +4,7 @@ from flask_babel import get_locale
from app import create_app, db, cli
import os, click
from flask import session, g, json
from flask import session, g, json, request
from app.constants import POST_TYPE_LINK, POST_TYPE_IMAGE, POST_TYPE_ARTICLE
from app.models import Site
from app.utils import getmtime, gibberish, shorten_string, shorten_url, digits, user_access, community_membership, \
@ -51,8 +51,9 @@ def before_request():
@app.after_request
def after_request(response):
response.headers['Content-Security-Policy'] = f"script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'nonce-{session['nonce']}'"
response.headers['Strict-Transport-Security'] = 'max-age=63072000; includeSubDomains; preload'
response.headers['X-Content-Type-Options'] = 'nosniff'
response.headers['X-Frame-Options'] = 'DENY'
if 'auth/register' not in request.path:
response.headers['Content-Security-Policy'] = f"script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'nonce-{session['nonce']}'"
response.headers['Strict-Transport-Security'] = 'max-age=63072000; includeSubDomains; preload'
response.headers['X-Content-Type-Options'] = 'nosniff'
response.headers['X-Frame-Options'] = 'DENY'
return response
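Review bot: The new `if 'auth/register' not in request.path:` guard in after_request appears to drop all four response headers on the registration page, not only the Content-Security-Policy. The HSTS, X-Content-Type-Options and X-Frame-Options lines are shown as changed, which suggests they were indented under the `if`; indentation is lost on this page, so this is inferred. Only the CSP can stop a captcha script from loading, so the other three assignments should stay unconditional, which keeps `X-Frame-Options: DENY` and `nosniff` on a form that collects credentials. The test is also a substring match, so any URL whose path contains `auth/register` loses the headers; an exact comparison against the registration route would be tighter. Rather than omitting the CSP there, consider keeping it with the captcha provider's origin added to `script-src`, and record the reason in a comment such as `# registration page: CSP relaxed so the captcha script can load`.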