git.ipfire.org Git - thirdparty/pdns.git/commit
dnsdist: Remove jsonp callback, add security HTTP headers
author Remi Gacogne <remi.gacogne@powerdns.com>
Tue, 12 Jan 2016 09:25:05 +0000 (10:25 +0100)
committer Remi Gacogne <rgacogne-github@coredump.fr>
Thu, 14 Jan 2016 08:17:22 +0000 (09:17 +0100)
commit ed5d8c793dd9df64a6b7db1946807c391157d192
tree 91e8bbfdda9e0be8c17a23db3651adb1cbe0d84a
parent 07ab912aeb70108c9898d571e0c2912b2114efbe
dnsdist: Remove jsonp callback, add security HTTP headers

- Remove the jsonp callback, using simple json data instead (Fixes #3217)
We might need to add CORS if we want to be able to retrieve JSON
data from a webpage not stored on the embedded web server.
- Add several HTTP headers:
 * X-Content-Type-Options: no-sniff to prevent browsers from guessing MIME type
 * X-Frame-Options: deny to prevent clickjacking
 * X-Permitted-Cross-Domain-Policies: none to keep flash from crossing boundaries
 * X-XSS-Protection: 1; mode=block to mitigate XSS
 * Content-Security-Policy: default-src 'self'; img-src *; style-src 'self' 'unsafe-inline',
 a basic CSP policy to restrict which scripts and CSS can be loaded
pdns/dnsdist-web.cc
pdns/dnsdistdist/html/local.js
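
One way to check a response against the header list in the commit message above: an added example, not code from this commit or from the PowerDNS project. The function names and both sample responses are constructed for illustration. The check compares `X-Content-Type-Options` against `nosniff` without a hyphen, since that exact token is the only value browsers act on.

```python
import re

# Values from the commit message's header list. "nosniff" has no hyphen here
# because that exact token is the only one browsers act on.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "deny",
    "x-permitted-cross-domain-policies": "none",
    "x-xss-protection": "1; mode=block",
}

def parse_response(raw):
    """Split a raw HTTP response into (lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    pairs = (line.partition(":") for line in head.split("\r\n")[1:])
    return {n.strip().lower(): v.strip() for n, _, v in pairs}, body

def parse_csp(value):
    """Turn a CSP string into {directive: [sources]}; first duplicate wins."""
    parts = [p.split() for p in value.split(";") if p.strip()]
    return {p[0].lower(): p[1:] for p in reversed(parts)}

def audit(raw):
    """Return a list of findings; an empty list means the response passes."""
    headers, body = parse_response(raw)
    findings = []
    for name, want in EXPECTED.items():
        got = headers.get(name)
        if got is None:
            findings.append(f"missing {name}")
        elif got.lower() != want:
            findings.append(f"{name}: got {got!r}, want {want!r}")
    csp = parse_csp(headers.get("content-security-policy", ""))
    scripts = csp.get("script-src", csp.get("default-src"))  # CSP fallback
    if scripts is None or not set(scripts) <= {"'self'", "'none'"}:
        findings.append(f"CSP does not restrict scripts: {scripts}")
    if re.match(r"\s*[\w$.]+\s*\(", body):  # name( ... ) wrapper means JSONP
        findings.append("body is a JSONP callback, not plain JSON")
    return findings

# Constructed sample responses, not captured from a real dnsdist instance.
CSP = "Content-Security-Policy: default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'"
GOOD = "\r\n".join(["HTTP/1.1 200 OK", "X-Content-Type-Options: nosniff",
    "X-Frame-Options: deny", "X-Permitted-Cross-Domain-Policies: none",
    "X-XSS-Protection: 1; mode=block", CSP, "", '{"servers": []}'])
BAD = "\r\n".join(["HTTP/1.1 200 OK", "X-Content-Type-Options: no-sniff",
    "X-XSS-Protection: 1; mode=block",
    "Content-Security-Policy: default-src 'self'; script-src *", "", 'cb({"a": 1})'])
```

`audit(GOOD)` returns an empty list; `audit(BAD)` reports the hyphenated `no-sniff`, the two missing headers, the wildcard `script-src`, and the callback-wrapped body.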