
Fixed non cross-domain support in CSP.

pull/111/head
Teknikode 4 years ago
parent
commit
395aba3d14
  1. 6
      Teknik/Areas/Paste/ViewModels/PasteCreateViewModel.cs
  2. 4
      Teknik/Global.asax.cs
  3. 3
      Teknik/Modules/CSPModule.cs

6
Teknik/Areas/Paste/ViewModels/PasteCreateViewModel.cs

@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
using System;
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
@ -27,5 +27,7 @@ namespace Teknik.Areas.Paste.ViewModels @@ -27,5 +27,7 @@ namespace Teknik.Areas.Paste.ViewModels
public string Password { get; set; }
public bool Hide { get; set; }
public string CurrentSub { get; set; }
}
}
}

4
Teknik/Global.asax.cs

@ -53,6 +53,10 @@ namespace Teknik @@ -53,6 +53,10 @@ namespace Teknik
protected void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
// Don't server HSTS over HTTP
if (HttpContext.Current.Request.Url.Scheme != "https")
HttpContext.Current.Response.Headers.Remove("strict-transport-security");
// Remove stupid headers
HttpContext.Current.Response.Headers.Remove("Server");
}
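Review bot: The scheme test in `Application_PreSendRequestHeaders` reads `Request.Url.Scheme`, which reflects the connection that reaches the web server, so if TLS is terminated at a proxy or load balancer in front of the application (not visible here) every response would look like HTTP and lose its `Strict-Transport-Security` header. `if (!HttpContext.Current.Request.IsSecureConnection)` states the intent more directly, and a proxied deployment would also need to honour a forwarded-scheme header that only the trusted proxy can set. The comment has a typo; `// Don't serve HSTS over HTTP` is what is meant. Removing `Server` still leaves the other version-disclosing headers (`X-Powered-By`, `X-AspNet-Version`) to be suppressed elsewhere, if they are not already.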

3
Teknik/Modules/CSPModule.cs

@ -29,9 +29,8 @@ namespace Teknik.Modules @@ -29,9 +29,8 @@ namespace Teknik.Modules
if (!string.IsNullOrEmpty(host))
{
string domain = host.GetDomain();
string sub = host.GetSubdomain();
allowedDomain = string.Format("{0}.{1} {1}", (string.IsNullOrEmpty(sub) ? "*" : sub), domain);
allowedDomain = string.Format("*.{0} {0}", domain);
}
// If a CDN is enabled, then add the cdn host
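Review bot: The wildcard in `string.Format("*.{0} {0}", domain)`, which appears to be the new side, makes every subdomain of the site an allowed source for whichever directives consume `allowedDomain`, and that is broader than the per-subdomain value on the line above it. If any subdomain serves user-supplied content (uploads, pastes, user pages), the policy would no longer restrict scripts or frames loaded from it; listing the subdomains that host first-party assets, or reading them from configuration, would keep the policy tight. Where `host` comes from is outside this hunk; if it is derived from the request's Host header, it should be matched against the configured site host before being formatted, unescaped, into the header value. A comment such as `// Wildcard: every subdomain is a trusted source; user-content hosts must not live under this domain` would record the assumption. The enclosing method starts and ends outside the hunk.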
