Skip to content

Commit 2f27a57

Browse files
axflaaxfla
authored
Merge commit from fork
1 parent 738ac93 commit 2f27a57

File tree

1 file changed

+36
-3
lines changed

1 file changed

+36
-3
lines changed

src/confighttp.cpp

Lines changed: 36 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,8 @@ namespace confighttp {
8181
void send_response(resp_https_t response, const nlohmann::json &output_tree) {
8282
SimpleWeb::CaseInsensitiveMultimap headers;
8383
headers.emplace("Content-Type", "application/json");
84-
84+
headers.emplace("X-Frame-Options", "DENY");
85+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
8586
response->write(output_tree.dump(), headers);
8687
}
8788

@@ -103,7 +104,9 @@ namespace confighttp {
103104

104105
const SimpleWeb::CaseInsensitiveMultimap headers {
105106
{"Content-Type", "application/json"},
106-
{"WWW-Authenticate", R"(Basic realm="Sunshine Gamestream Host", charset="UTF-8")"}
107+
{"WWW-Authenticate", R"(Basic realm="Sunshine Gamestream Host", charset="UTF-8")"},
108+
{"X-Frame-Options", "DENY"},
109+
{"Content-Security-Policy", "frame-ancestors 'none';"}
107110
};
108111

109112
response->write(code, tree.dump(), headers);
@@ -119,7 +122,9 @@ namespace confighttp {
119122
auto address = net::addr_to_normalized_string(request->remote_endpoint().address());
120123
BOOST_LOG(info) << "Web UI: ["sv << address << "] -- not authorized"sv;
121124
const SimpleWeb::CaseInsensitiveMultimap headers {
122-
{"Location", path}
125+
{"Location", path},
126+
{"X-Frame-Options", "DENY"},
127+
{"Content-Security-Policy", "frame-ancestors 'none';"}
123128
};
124129
response->write(SimpleWeb::StatusCode::redirection_temporary_redirect, headers);
125130
}
@@ -189,6 +194,8 @@ namespace confighttp {
189194

190195
SimpleWeb::CaseInsensitiveMultimap headers;
191196
headers.emplace("Content-Type", "application/json");
197+
headers.emplace("X-Frame-Options", "DENY");
198+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
192199

193200
response->write(code, tree.dump(), headers);
194201
}
@@ -209,6 +216,8 @@ namespace confighttp {
209216

210217
SimpleWeb::CaseInsensitiveMultimap headers;
211218
headers.emplace("Content-Type", "application/json");
219+
headers.emplace("X-Frame-Options", "DENY");
220+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
212221

213222
response->write(code, tree.dump(), headers);
214223
}
@@ -262,6 +271,8 @@ namespace confighttp {
262271
std::string content = file_handler::read_file(WEB_DIR "index.html");
263272
SimpleWeb::CaseInsensitiveMultimap headers;
264273
headers.emplace("Content-Type", "text/html; charset=utf-8");
274+
headers.emplace("X-Frame-Options", "DENY");
275+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
265276
response->write(content, headers);
266277
}
267278

@@ -280,6 +291,8 @@ namespace confighttp {
280291
std::string content = file_handler::read_file(WEB_DIR "pin.html");
281292
SimpleWeb::CaseInsensitiveMultimap headers;
282293
headers.emplace("Content-Type", "text/html; charset=utf-8");
294+
headers.emplace("X-Frame-Options", "DENY");
295+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
283296
response->write(content, headers);
284297
}
285298

@@ -298,6 +311,8 @@ namespace confighttp {
298311
std::string content = file_handler::read_file(WEB_DIR "apps.html");
299312
SimpleWeb::CaseInsensitiveMultimap headers;
300313
headers.emplace("Content-Type", "text/html; charset=utf-8");
314+
headers.emplace("X-Frame-Options", "DENY");
315+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
301316
headers.emplace("Access-Control-Allow-Origin", "https://images.igdb.com/");
302317
response->write(content, headers);
303318
}
@@ -317,6 +332,8 @@ namespace confighttp {
317332
std::string content = file_handler::read_file(WEB_DIR "clients.html");
318333
SimpleWeb::CaseInsensitiveMultimap headers;
319334
headers.emplace("Content-Type", "text/html; charset=utf-8");
335+
headers.emplace("X-Frame-Options", "DENY");
336+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
320337
response->write(content, headers);
321338
}
322339

@@ -335,6 +352,8 @@ namespace confighttp {
335352
std::string content = file_handler::read_file(WEB_DIR "config.html");
336353
SimpleWeb::CaseInsensitiveMultimap headers;
337354
headers.emplace("Content-Type", "text/html; charset=utf-8");
355+
headers.emplace("X-Frame-Options", "DENY");
356+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
338357
response->write(content, headers);
339358
}
340359

@@ -353,6 +372,8 @@ namespace confighttp {
353372
std::string content = file_handler::read_file(WEB_DIR "password.html");
354373
SimpleWeb::CaseInsensitiveMultimap headers;
355374
headers.emplace("Content-Type", "text/html; charset=utf-8");
375+
headers.emplace("X-Frame-Options", "DENY");
376+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
356377
response->write(content, headers);
357378
}
358379

@@ -370,6 +391,8 @@ namespace confighttp {
370391
std::string content = file_handler::read_file(WEB_DIR "welcome.html");
371392
SimpleWeb::CaseInsensitiveMultimap headers;
372393
headers.emplace("Content-Type", "text/html; charset=utf-8");
394+
headers.emplace("X-Frame-Options", "DENY");
395+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
373396
response->write(content, headers);
374397
}
375398

@@ -388,6 +411,8 @@ namespace confighttp {
388411
std::string content = file_handler::read_file(WEB_DIR "troubleshooting.html");
389412
SimpleWeb::CaseInsensitiveMultimap headers;
390413
headers.emplace("Content-Type", "text/html; charset=utf-8");
414+
headers.emplace("X-Frame-Options", "DENY");
415+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
391416
response->write(content, headers);
392417
}
393418

@@ -404,6 +429,8 @@ namespace confighttp {
404429
std::ifstream in(WEB_DIR "images/sunshine.ico", std::ios::binary);
405430
SimpleWeb::CaseInsensitiveMultimap headers;
406431
headers.emplace("Content-Type", "image/x-icon");
432+
headers.emplace("X-Frame-Options", "DENY");
433+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
407434
response->write(SimpleWeb::StatusCode::success_ok, in, headers);
408435
}
409436

@@ -420,6 +447,8 @@ namespace confighttp {
420447
std::ifstream in(WEB_DIR "images/logo-sunshine-45.png", std::ios::binary);
421448
SimpleWeb::CaseInsensitiveMultimap headers;
422449
headers.emplace("Content-Type", "image/png");
450+
headers.emplace("X-Frame-Options", "DENY");
451+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
423452
response->write(SimpleWeb::StatusCode::success_ok, in, headers);
424453
}
425454

@@ -471,6 +500,8 @@ namespace confighttp {
471500
// if it is, set the content type to the mime type
472501
SimpleWeb::CaseInsensitiveMultimap headers;
473502
headers.emplace("Content-Type", mimeType->second);
503+
headers.emplace("X-Frame-Options", "DENY");
504+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
474505
std::ifstream in(filePath.string(), std::ios::binary);
475506
response->write(SimpleWeb::StatusCode::success_ok, in, headers);
476507
}
@@ -971,6 +1002,8 @@ namespace confighttp {
9711002
std::string content = file_handler::read_file(config::sunshine.log_file.c_str());
9721003
SimpleWeb::CaseInsensitiveMultimap headers;
9731004
headers.emplace("Content-Type", "text/plain");
1005+
headers.emplace("X-Frame-Options", "DENY");
1006+
headers.emplace("Content-Security-Policy", "frame-ancestors 'none';");
9741007
response->write(SimpleWeb::StatusCode::success_ok, content, headers);
9751008
}
9761009

0 commit comments

Comments
 (0)