#270 Fix frame-options in CSP
Merged 7 years ago by apollo13. Opened 7 years ago by apollo13.
apollo13/ipsilon frame_options  into  master

file modified
+3 -3
@@ -14,14 +14,14 @@ 

  

  def allow_iframe(func):

      """

-     Remove the X-Frame-Options and CSP frame-options deny headers.

+     Remove the X-Frame-Options and CSP frame-ancestors deny headers.

      """

      @wraps(func)

      def wrapper(*args, **kwargs):

          result = func(*args, **kwargs)

          for (header, value) in [

                  ('X-Frame-Options', 'deny'),

-                 ('Content-Security-Policy', 'frame-options \'deny\'')]:

+                 ('Content-Security-Policy', 'frame-ancestors \'none\'')]:

              if cherrypy.response.headers.get(header, None) == value:

                  cherrypy.response.headers.pop(header, None)

          return result
@@ -37,7 +37,7 @@ 

          self.default_headers = {

              'Cache-Control': 'no-cache, no-store, must-revalidate, private',

              'Pragma': 'no-cache',

-             'Content-Security-Policy': 'frame-options \'deny\'',

+             'Content-Security-Policy': 'frame-ancestors \'none\'',

              'X-Frame-Options': 'deny',

          }

          self.auth_protect = False
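Review bot: In the `allow_iframe` wrapper, popping `Content-Security-Policy: frame-ancestors 'none'` (now a directive browsers actually enforce, unlike the old `frame-options 'deny'`, which no browser implements) leaves the decorated handler frameable from any origin; where the embedding sites are known, setting an allow-list instead of dropping the header would be safer, e.g. `cherrypy.response.headers['Content-Security-Policy'] = "frame-ancestors <allowed-origins>"`. Which handlers are decorated and who needs to frame them is not visible on this page, so treat that as a suggestion to check rather than a defect. The removal is also gated on an exact match against the defaults, so a handler that sets a richer CSP or a differently-spelled `X-Frame-Options` value keeps its deny header; a comment on the `for` loop would make that intent explicit, e.g. `# Strip only the exact defaults from default_headers; a handler-supplied policy is left in place.` The method that assigns `self.default_headers` in the second hunk starts and ends outside the hunk.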



Commit 6ffed07 fixes this pull-request

Pull-Request has been merged by florian@apolloner.eu

7 years ago