GuanM/tabby-web
1
0
Fork 0
mirror of https://github.com/Eugeny/tabby-web.git synced 2025-06-07 21:19:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

updated CSP

Browse Source
This commit is contained in:
Eugene Pankov 2022-11-08 10:50:05 +01:00
parent b95b612a0b
commit 6379814a08
No known key found for this signature in database
GPG Key ID: 5896FCBBDD1CF4F4
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
backend/tabby/app/views.py
View File

@ -26,6 +26,7 @@ class TerminalView(APIView):
response = static.serve( response = static.serve(
request, "terminal.html", document_root=str(settings.STATIC_ROOT) request, "terminal.html", document_root=str(settings.STATIC_ROOT)
) )
response["Content-Security-Policy"] = "frame-ancestors 'self' https://tabby.sh;"
response["X-Frame-Options"] = "SAMEORIGIN" response["X-Frame-Options"] = "SAMEORIGIN"
return response return response
@ -35,7 +36,8 @@ class DemoView(APIView):
response = static.serve( response = static.serve(
request, "demo.html", document_root=str(settings.STATIC_ROOT) request, "demo.html", document_root=str(settings.STATIC_ROOT)
) )
response["Content-Security-Policy"] = "frame-ancestors https://tabby.sh" response["Content-Security-Policy"] = "frame-ancestors 'self' https://tabby.sh;"
response['X-Frame-Options'] = 'ALLOW-FROM https://tabby.sh'
return response return response