mirror of
https://github.com/iv-org/invidious.git
synced 2024-12-14 06:10:35 +05:30
parent
4f91854bd3
commit
e590d39aa9
@ -106,21 +106,6 @@ spawn do
|
|||||||
end
|
end
|
||||||
|
|
||||||
before_all do |env|
|
before_all do |env|
|
||||||
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
|
|
||||||
env.response.headers["X-Content-Type-Options"] = "nosniff"
|
|
||||||
|
|
||||||
# CSRF
|
|
||||||
if Kemal.config.ssl || CONFIG.https_only
|
|
||||||
host = env.request.headers["Host"]?
|
|
||||||
|
|
||||||
if (env.request.headers["Origin"]?.try &.== host) ||
|
|
||||||
(env.request.headers["Referer"]?.try &.== host)
|
|
||||||
# All good!
|
|
||||||
else
|
|
||||||
halt env, status_code: 403, response: "Failed CSRF check"
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
if env.request.cookies.has_key? "SID"
|
if env.request.cookies.has_key? "SID"
|
||||||
headers = HTTP::Headers.new
|
headers = HTTP::Headers.new
|
||||||
headers["Cookie"] = env.request.headers["Cookie"]
|
headers["Cookie"] = env.request.headers["Cookie"]
|
||||||
|
Loading…
Reference in New Issue
Block a user