official-techsupport
/
rDrama
forked from rDrama/rDrama
1
0
Fork 0
Code Pull Requests Activity

Merge pull request #16 from Aevann1/headers 

Headers
master
Aevann1 2021-08-13 23:25:33 +02:00 committed by GitHub
parent 033f5a6e7f 995837625e
commit d2bf86b181
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
files/__main__.py
View File

@ -213,9 +213,11 @@ def before_request():
g.timestamp = int(time.time())
#do not access session for static files
if request.path.startswith("/assets"): return
if not request.path.startswith("/assets"):
session.permanent = True
session.permanent = True
if not session.get("session_id"):
session["session_id"] = secrets.token_hex(16)
ua_banned, response_tuple = get_useragent_ban_response(
request.headers.get("User-Agent", "NoAgent"))
@ -227,9 +229,6 @@ def before_request():
url = request.url.replace("http://", "https://", 1)
return redirect(url, code=301)
if not session.get("session_id"):
session["session_id"] = secrets.token_hex(16)
ua=request.headers.get("User-Agent","")
if "CriOS/" in ua:
g.system="ios/chrome"
@ -256,10 +255,16 @@ def after_request(response):
print(e)
abort(500)
response.headers.add("Strict-Transport-Security", "max-age=31536000")
response.headers.add("Referrer-Policy", "same-origin")
response.headers.add("Feature-Policy", "geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';")
response.headers.add("X-Frame-Options", "deny")
return response
@app.route("/<path:path>", subdomain="www")
def www_redirect(path):
return redirect(f"https://{app.config['SERVER_NAME']}/{path}")
return redirect(f"https://{app.config['SERVER_NAME']}/{path}")