Add X-Frame-Options, X-XSS-Protection, and X-Content-Type-Options

pull/186/head
Omar Roth 2018-09-05 21:06:30 -05:00
rodzic a749ac73ac
commit 96234e509f
2 zmienionych plików z 15 dodań i 0 usunięć

Wyświetl plik

@ -106,6 +106,9 @@ spawn do
end
before_all do |env|
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
env.response.headers["X-Content-Type-Options"] = "nosniff"
# CSRF
if Kemal.config.ssl || CONFIG.https_only
host = env.request.headers["Host"]?
@ -2945,6 +2948,7 @@ public_folder "assets"
Kemal.config.powered_by_header = false
add_handler FilteredCompressHandler.new
add_handler DenyFrame.new
add_context_storage_type(User)
Kemal.run

Wyświetl plik

@ -41,6 +41,17 @@ class FilteredCompressHandler < Kemal::Handler
end
end
class DenyFrame < Kemal::Handler
exclude ["/embed/*"]
def call(env)
return call_next env if exclude_match? env
env.response.headers["X-Frame-Options"] = "sameorigin"
call_next env
end
end
def rank_videos(db, n, filter, url)
top = [] of {Float64, String}