
修改frame规则

pull/4/head
欧醚 4 years ago
parent
commit
6bd0848a0b
3 changed files with 4 additions and 5 deletions
  1. +1
    -2
      app/javascript/mastodon/components/media_gallery.js
  2. +2
    -2
      config/environments/production.rb
  3. +1
    -1
      config/initializers/content_security_policy.rb

+ 1
- 2
app/javascript/mastodon/components/media_gallery.js

@ -187,8 +187,7 @@ class Item extends React.PureComponent {
<iframe
src={descrip}
width='100%'
height='100%'
scrolling='no'
height='100%'
onLoad={this.handleImageLoad}
></iframe>
)
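Review bot: The `<iframe>` kept by this change still loads `src={descrip}` with no `sandbox` attribute, so whatever document that URL resolves to gets full script, form and top-navigation rights inside the gallery item. Where `descrip` is assigned is outside the hunk; if it comes from the attachment description or any other user-supplied field, it should be checked against an allowlist of `https:` hosts before rendering. The element should also carry a restrictive sandbox, for example `sandbox='allow-scripts'` without `allow-same-origin`, plus `referrerPolicy='no-referrer'`. The render method of `Item` begins and ends outside the hunk.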

+ 2
- 2
config/environments/production.rb

@ -104,8 +104,8 @@ Rails.application.configure do
config.action_mailer.delivery_method = ENV.fetch('SMTP_DELIVERY_METHOD', 'smtp').to_sym
config.action_dispatch.default_headers = {
'Server' => 'Mastodon',
'X-Frame-Options' => 'DENY',
'Server' => 'ClosedSocial',
'X-Frame-Options' => 'SAMEORIGIN',
'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '1; mode=block',
}
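Review bot: `'X-Frame-Options' => 'SAMEORIGIN'` sits in `default_headers`, so it relaxes framing for every response the app serves, including pages such as sign-in and OAuth authorization that are the usual clickjacking targets. (The page has lost its +/- markers, so I am reading the second line of each repeated pair as the new side.) The value also disagrees with `p.frame_ancestors '*.closed.social', 'closed.social'` in config/initializers/content_security_policy.rb: browsers that honour CSP `frame-ancestors` ignore X-Frame-Options, so the effective policy there is the wider subdomain list, not same-origin. I would keep `'DENY'` as the default and relax both headers only in the controller that serves the embeddable pages, e.g. `response.headers['X-Frame-Options'] = 'SAMEORIGIN'` there. The `configure` block continues outside the hunk.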

+ 1
- 1
config/initializers/content_security_policy.rb

@ -19,7 +19,7 @@ media_host ||= assets_host
Rails.application.config.content_security_policy do |p|
p.base_uri :none
p.default_src :none
p.frame_ancestors :none
p.frame_ancestors '*.closed.social', 'closed.social'
p.font_src :self, assets_host
p.img_src :self, :https, :data, :blob, assets_host
p.style_src :self, :unsafe_inline, assets_host
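Review bot: `p.frame_ancestors '*.closed.social', 'closed.social'` trusts every present and future host under the domain to frame any page of the instance, so a single compromised or user-controlled subdomain is enough to frame authenticated views. If only the instance itself needs to embed its pages, `p.frame_ancestors :self` says that and matches the `SAMEORIGIN` header set in production.rb. Otherwise list the exact origins with a scheme, e.g. `p.frame_ancestors :self, 'https://HOST.closed.social'` (HOST is a placeholder). A one-line comment above the directive naming which embedding page needs this would help the next reviewer. The policy block continues past the last line shown.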
