marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Fix CSP to allow inline style and refresh

Browse Source 
Add filter to all webapps
This commit is contained in:
zzz
2014-07-26 11:01:16 +00:00
parent 99401c5639
commit 4746d9eb80
16 changed files with 56 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/susidns/src/WEB-INF/web-template.xml
View File

@@ -3,6 +3,15 @@
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2.2.dtd">
<web-app>
<filter>
<filter-name>XSSFilter</filter-name>
<filter-class>net.i2p.servlet.filters.XSSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>XSSFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<display-name>susidns</display-name>
<!-- precompiled servlets -->

2
apps/susidns/src/jsp/config.jsp
View File

@@ -28,7 +28,7 @@
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
%>

2
apps/susidns/src/jsp/details.jsp
View File

@@ -25,7 +25,7 @@
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
%>

2
apps/susidns/src/jsp/index.jsp
View File

@@ -28,7 +28,7 @@
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
%>

2
apps/susidns/src/jsp/subscriptions.jsp
View File

@@ -28,7 +28,7 @@
request.setCharacterEncoding("UTF-8");
response.setHeader("X-Frame-Options", "SAMEORIGIN");
response.setHeader("Content-Security-Policy", "default-src 'self'");
response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
response.setHeader("X-XSS-Protection", "1; mode=block");
%>