Add X-XSS-Protection and X-Content-Type-Options

author: Omar Roth <omarroth@hotmail.com> 2018-09-05 21:51:40 -0500
committer: Omar Roth <omarroth@hotmail.com> 2018-09-05 21:51:40 -0500
commit: e6d2166bacf9398930020025e77ba6a2209d502e (patch)
tree: cf4f9805298a83de7f85ddbfdc7fd1503acbc324 /src
parent: e590d39aa9a29577ad21c5d0bcf29f39cd9709f2 (diff)
download: invidious-e6d2166bacf9398930020025e77ba6a2209d502e.tar.gz
invidious-e6d2166bacf9398930020025e77ba6a2209d502e.tar.bz2
invidious-e6d2166bacf9398930020025e77ba6a2209d502e.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/src/invidious.cr b/src/invidious.cr
index 433c84c7..8fa9f581 100644
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -106,6 +106,9 @@ spawn do
 end
 
 before_all do |env|
+  env.response.headers["X-XSS-Protection"] = "1; mode=block;"
+  env.response.headers["X-Content-Type-Options"] = "nosniff"
+
   if env.request.cookies.has_key? "SID"
     headers = HTTP::Headers.new
     headers["Cookie"] = env.request.headers["Cookie"]
author	Omar Roth <omarroth@hotmail.com>	2018-09-05 21:51:40 -0500
committer	Omar Roth <omarroth@hotmail.com>	2018-09-05 21:51:40 -0500
commit	e6d2166bacf9398930020025e77ba6a2209d502e (patch)
tree	cf4f9805298a83de7f85ddbfdc7fd1503acbc324 /src
parent	e590d39aa9a29577ad21c5d0bcf29f39cd9709f2 (diff)
download	invidious-e6d2166bacf9398930020025e77ba6a2209d502e.tar.gz invidious-e6d2166bacf9398930020025e77ba6a2209d502e.tar.bz2 invidious-e6d2166bacf9398930020025e77ba6a2209d502e.zip