From 49a6168607e1c0762f02d18773241155848c01b7 Mon Sep 17 00:00:00 2001
From: spikecodes <19519553+spikecodes@users.noreply.github.com>
Date: Fri, 29 Jan 2021 14:39:03 -0800
Subject: [PATCH] Improve CSP
---
src/main.rs | 3 +--
templates/base.html | 4 +---
2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index ec479f2..40f828c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -21,7 +21,6 @@ async fn style() -> HttpResponse {
async fn robots() -> HttpResponse {
HttpResponse::Ok()
- .content_type("text/plain")
.header("Cache-Control", "public, max-age=1209600, s-maxage=86400")
.body("User-agent: *\nAllow: /")
}
@@ -73,7 +72,7 @@ async fn main() -> std::io::Result<()> {
.header("Referrer-Policy", "no-referrer")
.header("X-Content-Type-Options", "nosniff")
.header("X-Frame-Options", "DENY")
- .header("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors: 'none';"))
+ .header("Content-Security-Policy", "default-src 'none'; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none';"))
// Default service in case no routes match
.default_service(web::get().to(|| utils::error("Nothing here".to_string())))
// Read static files
diff --git a/templates/base.html b/templates/base.html
index 2eccb53..7764eae 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -3,13 +3,11 @@
{% block head %}
{% block title %}Libreddit{% endblock %}
-
-
-
+
{% endblock %}