moparisthebest/mail
1
0
Fork 0
mirror of https://github.com/moparisthebest/mail synced 2025-03-03 02:01:45 -05:00
Code Issues Releases Wiki Activity

[WO-03-024] Fix links can be opened in the message frame in MSIE11 (High)

Browse Source 
Add X-Content-Security-Policy HTTP header for IE10+
This commit is contained in:
Tankred Hase 2015-04-23 17:34:41 +02:00
parent 4a681a73d2
commit 6216fe2f1a
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server.js
View File

@ -81,7 +81,9 @@ app.use(function(req, res, next) {
res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains');
// CSP
var iframe = development ? "http://" + req.hostname + ":" + config.server.port : "https://" + req.hostname; // allow iframe to load assets
res.set('Content-Security-Policy', "default-src 'self' " + iframe + "; object-src 'none'; connect-src *; style-src 'self' 'unsafe-inline' " + iframe + "; img-src *");
var csp = "default-src 'self' " + iframe + "; object-src 'none'; connect-src *; style-src 'self' 'unsafe-inline' " + iframe + "; img-src *";
res.set('Content-Security-Policy', csp);
res.set('X-Content-Security-Policy', csp);
// set Cache-control Header (for AppCache)
res.set('Cache-control', 'public, max-age=0');
next();