pictuga
/
morss
1
1
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

morss: restrict iframe use from :get to avoid abuse

master
pictuga 2020-06-09 12:33:37 +02:00
parent 985185f47f
commit c1b1f5f58a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
morss/morss.py
View File

@ -605,7 +605,7 @@ def cgi_get(environ, start_response):
output = req['data'] output = req['data']
# return html page # return html page
headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8'} headers = {'status': '200 OK', 'content-type': 'text/html; charset=utf-8', 'X-Frame-Options': 'SAMEORIGIN'} # SAMEORIGIN to avoid potential abuse
start_response(headers['status'], list(headers.items())) start_response(headers['status'], list(headers.items()))
return [output] return [output]