Add X-XSS-Protection and X-Content-Type-Options

2018-09-05 21:51:40 -05:00
parent e590d39aa9
commit e6d2166bac
1 changed files with 3 additions and 0 deletions
--- a/src/invidious.cr
+++ b/src/invidious.cr
@@ -106,6 +106,9 @@ spawn do
 end
 before_all do |env|
  env.response.headers["X-XSS-Protection"] = "1; mode=block;"
  env.response.headers["X-Content-Type-Options"] = "nosniff"
  if env.request.cookies.has_key? "SID"
    headers = HTTP::Headers.new
    headers["Cookie"] = env.request.headers["Cookie"]