Provide a content security policy
parent
7a8eb5df45
commit
e06255cd8f
11
src/main.rs
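--- a/src/main.rs
+++ b/src/main.rs
@@ -7,7 +7,7 @@ use actix_diesel::dsl::AsyncRunQueryDsl;
 use actix_diesel::Database;
 use actix_web::error::InternalError;
 use actix_web::fs::{NamedFile, StaticFiles};
-use actix_web::http::header::{LOCATION, X_FRAME_OPTIONS};
+use actix_web::http::header::{CONTENT_SECURITY_POLICY, LOCATION, X_FRAME_OPTIONS};
 use actix_web::http::{Method, StatusCode};
 use actix_web::middleware::{DefaultHeaders, Logger};
 use actix_web::{server, App, AsyncResponder, Form, HttpResponse, Path, State};
@@ -191,7 +191,14 @@ fn main() -> io::Result<()> {
 server::new(move || {
 App::with_state(db.clone())
 .middleware(Logger::default())
-.middleware(DefaultHeaders::new().header(X_FRAME_OPTIONS, "DENY"))
+.middleware(
+DefaultHeaders::new()
+.header(
+CONTENT_SECURITY_POLICY,
+"default-src 'self'; object-src 'none'",
+)
+.header(X_FRAME_OPTIONS, "DENY"),
+)
 .resource("/", |r| {
 r.method(Method::GET).with(index);
 r.method(Method::POST).with(insert_paste);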
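Review bot: The policy string added to the `DefaultHeaders` chain omits the directives that do not fall back to `default-src`, so `base-uri`, `form-action` and `frame-ancestors` remain unrestricted even though `default-src 'self'` is set. Since the app appears to accept and render user-submitted pastes (`insert_paste`), I would tighten the value to `"default-src 'self'; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'"`. `frame-ancestors 'none'` is the CSP counterpart of the `X-Frame-Options: DENY` header kept beside it. The templates are not visible in this diff, so it is worth confirming that no page depends on inline `<script>`/`<style>` or third-party assets, which `default-src 'self'` will block. The body of `main` continues outside the hunk.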