Provide a content security policy
parent
7a8eb5df45
commit
e06255cd8f
11
src/main.rs
11
src/main.rs
|
@ -7,7 +7,7 @@ use actix_diesel::dsl::AsyncRunQueryDsl;
|
|||
use actix_diesel::Database;
|
||||
use actix_web::error::InternalError;
|
||||
use actix_web::fs::{NamedFile, StaticFiles};
|
||||
use actix_web::http::header::{LOCATION, X_FRAME_OPTIONS};
|
||||
use actix_web::http::header::{CONTENT_SECURITY_POLICY, LOCATION, X_FRAME_OPTIONS};
|
||||
use actix_web::http::{Method, StatusCode};
|
||||
use actix_web::middleware::{DefaultHeaders, Logger};
|
||||
use actix_web::{server, App, AsyncResponder, Form, HttpResponse, Path, State};
|
||||
|
@ -191,7 +191,14 @@ fn main() -> io::Result<()> {
|
|||
server::new(move || {
|
||||
App::with_state(db.clone())
|
||||
.middleware(Logger::default())
|
||||
.middleware(DefaultHeaders::new().header(X_FRAME_OPTIONS, "DENY"))
|
||||
.middleware(
|
||||
DefaultHeaders::new()
|
||||
.header(
|
||||
CONTENT_SECURITY_POLICY,
|
||||
"default-src 'self'; object-src 'none'",
|
||||
)
|
||||
.header(X_FRAME_OPTIONS, "DENY"),
|
||||
)
|
||||
.resource("/", |r| {
|
||||
r.method(Method::GET).with(index);
|
||||
r.method(Method::POST).with(insert_paste);
|
||||
|
|
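Review bot: The policy string in the new `DefaultHeaders` block leaves out the directives that do not fall back to `default-src`, so `base-uri`, `form-action` and `frame-ancestors` stay unrestricted under `default-src 'self'; object-src 'none'`. Because this service accepts user-submitted pastes (`insert_paste`) and presumably renders them, I would pin those directives explicitly, e.g. `"default-src 'self'; object-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'"`, and keep `X_FRAME_OPTIONS` for older browsers. A short comment above the header, such as `// CSP: same-origin only; inline scripts and styles are blocked, templates must not rely on them`, would record a constraint that is not visible from this hunk. `main` continues outside the hunk, so it is worth checking that static-file and error responses also pass through this middleware.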