Diffstat (limited to 'httpd.c')
-rw-r--r--httpd.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/httpd.c b/httpd.c
index 5a38aff..22a148d 100644
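--- a/httpd.c
+++ b/httpd.c
@@ -211,6 +211,8 @@ int server_get_handler(xs_dict *req, const char *q_path,
 {
 int status = 0;
 
+const snac *user = NULL;
+
 /* is it the server root? */
 if (*q_path == '\0' || strcmp(q_path, "/") == 0) {
 const xs_dict *q_vars = xs_dict_get(req, "q_vars");
@@ -553,6 +555,9 @@ void httpd_connection(FILE *f)
 headers = xs_dict_append(headers, "access-control-allow-origin", "*");
 headers = xs_dict_append(headers, "access-control-allow-headers", "*");
 
+/* disable any form of fucking JavaScript */
+headers = xs_dict_append(headers, "Content-Security-Policy", "script-src ;");
+
 if (p_state->use_fcgi)
 xs_fcgi_response(f, status, headers, body, b_size, fcgi_id);
 else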
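Review bot: The `Content-Security-Policy` value added at new line 559 in `httpd_connection` is `script-src ;`, which relies on browsers treating an empty source list as matching nothing; `headers = xs_dict_append(headers, "Content-Security-Policy", "script-src 'none'");` states the intent explicitly and is the documented form. `script-src` alone leaves `object-src` and `base-uri` unrestricted, so if the goal is to neutralise active content in served HTML, consider adding those two directives after checking that no page depends on them. The header is appended just before the response is written, so it appears to cover both the FastCGI and the plain path, though the function's body begins and ends outside the hunk. In the first hunk, `const snac *user = NULL;` is declared in `server_get_handler` with no use visible in this diff, which may raise an unused-variable warning unless the rest of the function uses it.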