oss/miniflux-v2
oss/miniflux-v2
1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-09-15 18:57:04 +00:00
Code Wiki Activity

Avoid extra HTTP request for fetching custom stylesheet

Browse source 
Use inline CSS with a nonce and move CSP headers to a meta tag.
This commit is contained in:
Frédéric Guillot 2021-05-31 14:16:50 -07:00 committed by fguillot
parent 09be3d2bac
commit dd3f496d06
5 changed files with 14 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

1
http/response/builder.go
View file

@ -96,7 +96,6 @@ func (b *Builder) writeHeaders() {
b.headers["X-XSS-Protection"] = "1; mode=block"
b.headers["X-Content-Type-Options"] = "nosniff"
b.headers["X-Frame-Options"] = "DENY"
b.headers["Content-Security-Policy"] = "default-src 'self'; img-src * data:; media-src *; frame-src *"
b.headers["Referrer-Policy"] = "no-referrer"
for key, value := range b.headers {

7
http/response/builder_test.go
View file

@ -29,10 +29,9 @@ func TestResponseHasCommonHeaders(t *testing.T) {
resp := w.Result()
headers := map[string]string{
"X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY",
"Content-Security-Policy": "default-src 'self'; img-src * data:; media-src *; frame-src *",
"X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "DENY",
}
for header, expected := range headers {