
Fixed non cross-domain support in CSP.

tags/3.0.0
Teknikode 1 year ago
parent
commit
395aba3d14

+ 4
- 2
Teknik/Areas/Paste/ViewModels/PasteCreateViewModel.cs View File

@@ -1,4 +1,4 @@
using System;
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
@@ -27,5 +27,7 @@ namespace Teknik.Areas.Paste.ViewModels
public string Password { get; set; }

public bool Hide { get; set; }

public string CurrentSub { get; set; }
}
}
}
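Review bot: `CurrentSub` is added with no doc comment and no validation attribute. Because it sits on a create view model, it is presumably model-bound from the posted form, which would make its value client-controlled. I would say so on the property, e.g. `// Subdomain the form was rendered on; client-supplied, check against the configured hosts before building URLs from it`. A `[RegularExpression]` constraint would also fit, since `System.ComponentModel.DataAnnotations` is already imported. How the value is consumed is outside this section.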

+ 4
- 0
Teknik/Global.asax.cs View File

@@ -53,6 +53,10 @@ namespace Teknik

protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
// Don't server HSTS over HTTP
if (HttpContext.Current.Request.Url.Scheme != "https")
HttpContext.Current.Response.Headers.Remove("strict-transport-security");

// Remove stupid headers
HttpContext.Current.Response.Headers.Remove("Server");
}
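Review bot: The HSTS check in `Application_PreSendRequestHeaders` keys on `Request.Url.Scheme`, which describes the connection that reached the application, not necessarily the client's. If TLS is terminated at a proxy or load balancer in front of the site (not visible here), every request would look like plain HTTP and `strict-transport-security` would be stripped from all responses, silently disabling HSTS. Prefer `if (!HttpContext.Current.Request.IsSecureConnection)`, combined with the trusted proxy's forwarded-scheme header where one is deployed, and put braces around the single-statement body. The comment also has a typo and should read `// Don't serve HSTS over HTTP`.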

+ 1
- 2
Teknik/Modules/CSPModule.cs View File

@@ -29,9 +29,8 @@ namespace Teknik.Modules
if (!string.IsNullOrEmpty(host))
{
string domain = host.GetDomain();
string sub = host.GetSubdomain();

allowedDomain = string.Format("{0}.{1} {1}", (string.IsNullOrEmpty(sub) ? "*" : sub), domain);
allowedDomain = string.Format("*.{0} {0}", domain);
}

// If a CDN is enabled, then add the cdn host
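Review bot: The new `allowedDomain` value `*.{0} {0}` trusts every subdomain of the site in whichever directives consume it, so any subdomain serving user-uploaded or user-authored content becomes an allowed source and the policy no longer contains it. If only a few hosts need cross-subdomain access, list them explicitly, or at least keep the wildcard out of `script-src` and `object-src`. `host` is also formatted into the header value unvalidated; if it derives from the request Host header, compare it with the configured site host first. A comment such as `// Wildcard: all first-party subdomains are trusted as sources; do not host untrusted content on them` would record the assumption. The enclosing method starts and ends outside this hunk, so the directives that use `allowedDomain` are not visible here.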
