@@ -186,11 +186,16 @@ def login():
|
|
|
flash('Unsucessful Login!', category='error')
|
|
|
|
|
|
|
|
|
- return render_template(
|
|
|
+ response = make_response (render_template(
|
|
|
"login.html",
|
|
|
user = current_user,
|
|
|
form = form
|
|
|
- )
|
|
|
+ ))
|
|
|
+ response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
|
+ response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
|
|
+ response.headers['X-Content-Type-Options'] = 'nosniff'
|
|
|
+ response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
|
+ return response
|
|
|
|
|
|
|
|
|
@logic.route('/logout')
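Review bot: The four headers are assigned by hand on one response object in `login()`, so every other return path of this view (a successful login presumably redirects earlier in the function, which starts before the hunk) and every other route on the `logic` blueprint still go out without them, and the same four lines are duplicated verbatim in `register()`. A blueprint-level `after_request` hook applies one policy to every response once, and lets the view keep its original `return render_template(...)`. Minor style: `make_response (` has a space before the parenthesis (PEP 8 E211), and `make_response` must be imported from `flask` — the import is not visible here, so confirm it exists. The body of `login()` begins outside the hunk.
```python
@logic.after_request
def _add_security_headers(response):
    """Attach the baseline security headers to every response from this blueprint."""
    # setdefault leaves a stricter per-view policy intact if a view sets its own.
    response.headers.setdefault('Content-Security-Policy', "default-src 'self'")
    response.headers.setdefault('Strict-Transport-Security', 'max-age=31536000; includeSubDomains')
    response.headers.setdefault('X-Content-Type-Options', 'nosniff')
    response.headers.setdefault('X-Frame-Options', 'SAMEORIGIN')
    return response

# … unchanged: login() body, which can return render_template(...) directly again …
```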
|
|
|
@@ -264,5 +269,10 @@ def register():
|
|
|
else:
|
|
|
flash('Registration Failed', category='error')
|
|
|
|
|
|
- return render_template("register.html", user = current_user, form = form)
|
|
|
+ response = make_response(render_template("register.html", user = current_user, form = form))
|
|
|
+ response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
|
+ response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
|
|
+ response.headers['X-Content-Type-Options'] = 'nosniff'
|
|
|
+ response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
|
+ return response
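Review bot: `default-src 'self'` with no other directive blocks inline `<script>`/`<style>` and any CDN-hosted asset, so register.html must be checked to actually render under it — rolling the policy out as `Content-Security-Policy-Report-Only` first is the usual way to find out without breaking the form. Because this is the registration page, `form-action 'self'` is worth adding so injected markup cannot retarget the form, and `frame-ancestors 'self'` makes the `X-Frame-Options` fallback redundant on current browsers: `response.headers['Content-Security-Policy'] = "default-src 'self'; form-action 'self'; frame-ancestors 'self'"`. Browsers ignore a Strict-Transport-Security header received over plain HTTP, so it only takes effect once the app is actually served over TLS, and `includeSubDomains` commits every subdomain to HTTPS for a year — confirm that is intended. The body of `register()` begins outside the hunk.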
|
|
|
|