skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #16 from Aevann1/headers

Browse source 
Headers
This commit is contained in:
Aevann1 2021-08-13 23:25:33 +02:00 committed by GitHub
commit 8ffcb97f49
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

15
files/__main__.py
View file

@ -213,9 +213,11 @@ def before_request():
g.timestamp = int(time.time())
#do not access session for static files
if request.path.startswith("/assets"): return
if not request.path.startswith("/assets"):
session.permanent = True
session.permanent = True
if not session.get("session_id"):
session["session_id"] = secrets.token_hex(16)
ua_banned, response_tuple = get_useragent_ban_response(
request.headers.get("User-Agent", "NoAgent"))
@ -227,9 +229,6 @@ def before_request():
url = request.url.replace("http://", "https://", 1)
return redirect(url, code=301)
if not session.get("session_id"):
session["session_id"] = secrets.token_hex(16)
ua=request.headers.get("User-Agent","")
if "CriOS/" in ua:
g.system="ios/chrome"
@ -256,6 +255,12 @@ def after_request(response):
print(e)
abort(500)
response.headers.add("Strict-Transport-Security", "max-age=31536000")
response.headers.add("Referrer-Policy", "same-origin")
response.headers.add("Feature-Policy", "geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';")
response.headers.add("X-Frame-Options", "deny")
return response