[WO-03-024] Fix links can be opened in the message frame in MSIE11 (High)

Add X-Content-Security-Policy HTTP header for IE10+
master
Tankred Hase 2015-04-23 17:34:41 +02:00
parent 4a681a73d2
commit 6216fe2f1a
1 changed files with 3 additions and 1 deletions


@ -81,7 +81,9 @@ app.use(function(req, res, next) {
res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains'); res.set('Strict-Transport-Security', 'max-age=16070400; includeSubDomains');
// CSP // CSP
var iframe = development ? "http://" + req.hostname + ":" + config.server.port : "https://" + req.hostname; // allow iframe to load assets var iframe = development ? "http://" + req.hostname + ":" + config.server.port : "https://" + req.hostname; // allow iframe to load assets
res.set('Content-Security-Policy', "default-src 'self' " + iframe + "; object-src 'none'; connect-src *; style-src 'self' 'unsafe-inline' " + iframe + "; img-src *"); var csp = "default-src 'self' " + iframe + "; object-src 'none'; connect-src *; style-src 'self' 'unsafe-inline' " + iframe + "; img-src *";
res.set('Content-Security-Policy', csp);
res.set('X-Content-Security-Policy', csp);
// set Cache-control Header (for AppCache) // set Cache-control Header (for AppCache)
res.set('Cache-control', 'public, max-age=0'); res.set('Cache-control', 'public, max-age=0');
next(); next();
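Review bot: The added `res.set('X-Content-Security-Policy', csp);` reuses a policy that has no `sandbox` directive, and IE10/11 are documented to honour only `sandbox` from that header, so this line probably restricts nothing in MSIE11 and the issue in the title may remain. If the goal is to stop links navigating inside the message frame, the restriction likely has to come from sandboxing the frame that renders the message (the `sandbox` attribute on the iframe, or a `sandbox` policy served only for that frame's document), which is outside this hunk. At minimum I would add `// IE10/11 honour only the 'sandbox' directive of X-Content-Security-Policy; the fetch directives in csp are ignored there` above the new line. Separately, `csp` embeds `req.hostname`, which is taken from the request's Host header, so it is worth confirming that only expected host names reach this middleware before the value is echoed into two response headers. The callback opened by `app.use(function(req, res, next) {` starts and ends outside the hunk.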