feat(backend): add privacy HTTP headers
ravenclaw900 committed Apr 2, 2022
1 parent 9f896d7 commit 52f8e16
Showing 2 changed files with 14 additions and 4 deletions.
16 changes: 14 additions & 2 deletions src/backend/src/main.rs
@@ -3,7 +3,7 @@ use crate::shared::CONFIG;
use sha2::{Digest, Sha512};
use simple_logger::SimpleLogger;
use std::str::FromStr;
use warp::Filter;
use warp::{http::header, Filter};

mod config;
mod page_handlers;
@@ -31,6 +31,18 @@ fn main() {
.init()
.unwrap();

#[cfg(feature = "frontend")]
let mut headers = header::HeaderMap::new();
#[cfg(feature = "frontend")]
{
headers.insert(header::X_CONTENT_TYPE_OPTIONS, header::HeaderValue::from_static("nosniff"));
headers.insert(header::X_FRAME_OPTIONS, header::HeaderValue::from_static("sameorigin"));
headers.insert("X-Robots-Tag", header::HeaderValue::from_static("none"));
headers.insert("X-Permitted-Cross-Domain_Policies", header::HeaderValue::from_static("none"));
headers.insert(header::REFERRER_POLICY, header::HeaderValue::from_static("no-referrer"));
headers.insert("Content-Security-Policy", header::HeaderValue::from_static("default-src 'self'; font-src 'self'; img-src 'self' blob:; script-src 'self'; style-src 'unsafe-inline' 'self'; connect-src * ws:;"));
}

#[cfg(feature = "frontend")]
let favicon_route = warp::path("favicon.png").map(|| {
warp::reply::with_header(
@@ -116,7 +128,7 @@ fn main() {
#[cfg(feature = "frontend")]
let main_route = warp::any().map(|| {
warp::reply::html(DIR.get_file("index.html").unwrap().contents_utf8().unwrap())
});
}).with(warp::reply::with::headers(headers));

#[cfg(feature = "frontend")]
let page_routes = favicon_route
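Review bot: The header name in the fourth `headers.insert` call of the second `main()` hunk is misspelled as `X-Permitted-Cross-Domain_Policies` (underscore before `Policies`), so the intended `X-Permitted-Cross-Domain-Policies` header is never sent and clients that honour it will not see the `none` policy. The line should read `headers.insert("X-Permitted-Cross-Domain-Policies", header::HeaderValue::from_static("none"));`. String-typed names are not checked by the compiler; where a typed constant exists, as `header::CONTENT_SECURITY_POLICY` does for the CSP line, using it avoids this class of typo. Separately, the last hunk attaches the map only to `main_route`, so the routes combined into `page_routes` (built outside the visible lines) presumably go out without `nosniff`; if that is not intended, wrapping the combined route would cover them. `main()` starts and ends outside these hunks.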
2 changes: 0 additions & 2 deletions src/frontend/index.html
@@ -3,8 +3,6 @@

<head>
<meta charset="UTF-8" />
<meta http-equiv="Content-Security-Policy"
content="default-src 'self'; font-src 'self'; img-src 'self' blob:; script-src 'self'; style-src 'unsafe-inline' 'self'; connect-src * ws:;" />
<link rel="icon" href="/favicon.png" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>DietPi Dashboard</title>
