mirrors/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-11-23 09:55:29 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add Origin header checks

Browse Source
This commit is contained in:
Omar Roth
2018-11-07 23:05:50 -06:00
parent 103949c61e
commit 2be240767c
2 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/invidious.cr
View File

@@ -128,6 +128,15 @@ if CONFIG.geo_bypass
end
before_all do |env|
if CONFIG.domains && env.request.headers["Origin"]?
origin = env.request.headers["Origin"]
domains = CONFIG.domains.not_nil!
if !domains.includes? origin
halt env, status_code: 403
end
end
env.response.headers["X-XSS-Protection"] = "1; mode=block;"
env.response.headers["X-Content-Type-Options"] = "nosniff"