From 2e75e08879ec38880f18d12fbf7b27bfc409d1c0 Mon Sep 17 00:00:00 2001 From: Kevin Froman Date: Tue, 26 Mar 2019 10:23:31 -0500 Subject: [PATCH] added httpheaders.py --- onionr/onionrservices/httpheaders.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 onionr/onionrservices/httpheaders.py diff --git a/onionr/onionrservices/httpheaders.py b/onionr/onionrservices/httpheaders.py new file mode 100644 index 00000000..2b2c1770 --- /dev/null +++ b/onionr/onionrservices/httpheaders.py @@ -0,0 +1,28 @@ +''' + Onionr - P2P Anonymous Storage Network + + Set default onionr http headers +''' +''' + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +''' +def set_default_onionr_http_headers(flask_response): + '''Response headers''' + flask_response.headers['Content-Security-Policy'] = "default-src 'none'; style-src data: 'unsafe-inline'; img-src data:" + flask_response.headers['X-Frame-Options'] = 'deny' + flask_response.headers['X-Content-Type-Options'] = "nosniff" + flask_response.headers['Server'] = '' + flask_response.headers['Date'] = 'Thu, 1 Jan 1970 00:00:00 GMT' # Clock info is probably useful to attackers. Set to unix epoch. + flask_response.headers['Connection'] = "close" + return flask_response \ No newline at end of file