Console: Add security headers to XHR targets

This commit is contained in:
zzz
2020-03-01 17:57:05 +00:00
parent d38c660c36
commit 5455820a74
2 changed files with 9 additions and 0 deletions


@@ -7,6 +7,11 @@
i2pcontextId = (String) session.getAttribute("i2p.contextId");
}
} catch (IllegalStateException ise) {}
// Browser should not load this directly
response.setHeader("X-Frame-Options", "DENY");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'none'; script-src 'none'; form-action 'none'; frame-ancestors 'none'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
wizhelper.setContextId(i2pcontextId);
// output 1 for complete, 0 + status string for in progress
if (wizhelper.isNDTComplete()) {
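Review bot: The new `Content-Security-Policy` line keeps `default-src 'self'`, so every fetch directive not listed (connect-src, img-src, font-src, and so on) still falls back to allowing same-origin loads; for a response the comment says a browser should never render, `default-src 'none'` is the stricter baseline and makes the separate `style-src`/`script-src`/`object-src`/`media-src` entries redundant, e.g. `response.setHeader("Content-Security-Policy", "default-src 'none'; form-action 'none'; frame-ancestors 'none'");` (form-action and frame-ancestors do not inherit from default-src, so they stay). `X-XSS-Protection: 1; mode=block` is a legacy header that current browsers ignore or have removed, so it adds no protection here; a comment such as `// legacy header, ignored by modern browsers; kept for old ones` would stop a later reader from relying on it. The same five lines are pasted verbatim into the second file of this commit, which invites the two policies drifting apart; moving them into one shared helper that both pages call would keep them identical. Headers set after the response is committed are silently dropped, so this block must stay ahead of any page output, which it appears to be given its position in the preamble, but worth confirming the JSP buffer is not flushed earlier.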


@@ -13,6 +13,10 @@
i2pcontextId = (String) session.getAttribute("i2p.contextId");
}
} catch (IllegalStateException ise) {}
// Browser should not load this directly
response.setHeader("X-Frame-Options", "DENY");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'none'; script-src 'none'; form-action 'none'; frame-ancestors 'none'; object-src 'none'; media-src 'none'");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("X-Content-Type-Options", "nosniff");
%>
<jsp:useBean class="net.i2p.router.web.CSSHelper" id="intl" scope="request" />