|
@@ -93,6 +93,9 @@ def profile():
|
|
|
|
|
|
|
|
response = make_response(render_template("profile.html", user = current_user, form1 = form_1, form2= form_2))
|
|
response = make_response(render_template("profile.html", user = current_user, form1 = form_1, form2= form_2))
|
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
|
|
|
+ response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
|
|
|
|
+ response.headers['X-Content-Type-Options'] = 'nosniff'
|
|
|
|
|
+ response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
|
return response
|
|
return response
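Review bot: The three new header assignments are copied by hand into each handler (here and again in the hunks at L59, L118, L177 and L236), so any route in this blueprint that is not edited in this commit — and any future one — silently ships without them. A blueprint-level `@logic.after_request` hook would apply the same set to every response once, and the per-route lines could then be dropped. Two caveats on the values themselves: `X-Frame-Options: SAMEORIGIN` is superseded by CSP `frame-ancestors`, which does not inherit from `default-src`, so the CSP should carry `frame-ancestors 'self'` explicitly; and `Strict-Transport-Security` is only honored on responses served over HTTPS, and `includeSubDomains` commits every subdomain to TLS, which is worth confirming before the policy is cached by browsers for a year. profile()'s body begins before this hunk.
```python
@logic.after_request
def set_security_headers(response):
    """Attach the baseline security headers to every response from this blueprint."""
    response.headers['Content-Security-Policy'] = "default-src 'self'; frame-ancestors 'self'"
    response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
    response.headers['X-Content-Type-Options'] = 'nosniff'
    response.headers['X-Frame-Options'] = 'SAMEORIGIN'
    return response
```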
|
|
|
|
|
|
|
|
|
|
|
|
@@ -112,6 +115,9 @@ def matchbook():
|
|
|
|
|
|
|
|
response = make_response(render_template("matchbook.html", user=current_user, userlist=all_users))
|
|
response = make_response(render_template("matchbook.html", user=current_user, userlist=all_users))
|
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
|
|
|
+ response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
|
|
|
|
+ response.headers['X-Content-Type-Options'] = 'nosniff'
|
|
|
|
|
+ response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
|
return response
|
|
return response
|
|
|
|
|
|
|
|
@logic.route('/messaging', methods=['GET', 'POST'])
|
|
@logic.route('/messaging', methods=['GET', 'POST'])
|
|
@@ -137,6 +143,9 @@ def messaging():
|
|
|
|
|
|
|
|
response = make_response(redirect(url_for('logic.messaging')))
|
|
response = make_response(redirect(url_for('logic.messaging')))
|
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
|
|
|
+ response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
|
|
|
|
+ response.headers['X-Content-Type-Options'] = 'nosniff'
|
|
|
|
|
+ response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
|
return response
|
|
return response
|
|
|
|
|
|
|
|
response = make_response(render_template(
|
|
response = make_response(render_template(
|
|
@@ -147,6 +156,9 @@ def messaging():
|
|
|
form = form
|
|
form = form
|
|
|
))
|
|
))
|
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
|
|
|
+ response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
|
|
|
|
+ response.headers['X-Content-Type-Options'] = 'nosniff'
|
|
|
|
|
+ response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
|
return response
|
|
return response
|
|
|
|
|
|
|
|
|
|
|
|
@@ -187,6 +199,9 @@ def logout():
|
|
|
logout_user()
|
|
logout_user()
|
|
|
response = make_response(redirect(url_for('logic.login')))
|
|
response = make_response(redirect(url_for('logic.login')))
|
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
response.headers['Content-Security-Policy'] = "default-src 'self'"
|
|
|
|
|
+ response.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
|
|
|
|
+ response.headers['X-Content-Type-Options'] = 'nosniff'
|
|
|
|
|
+ response.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
|
|
return response
|
|
return response
|
|
|
|
|
|
|
|
# Signup Route
|
|
# Signup Route
|