From 169cb9536ea4545853cc4a5b9f9a1e886f0d9268 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Wed, 11 Aug 2021 23:15:30 +0200 Subject: [PATCH] fd --- files/__main__.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/files/__main__.py b/files/__main__.py index d2991b28c..9628f0d13 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -254,8 +254,13 @@ def after_request(response): print(e) abort(500) + response.headers.add('Access-Control-Allow-Headers', "Origin, X-Requested-With, Content-Type, Accept, x-auth") response.headers.remove("Cache-Control") response.headers.add("Cache-Control", "public, maxage=600") + response.headers.add("Strict-Transport-Security", "max-age=31536000") + response.headers.add("Referrer-Policy", "same-origin") + response.headers.add("Feature-Policy", "geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'none'; payment 'none';") + if not request.path.startswith("/embed/"): response.headers.add("X-Frame-Options", "deny") return response
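Review bot: The `Feature-Policy` header added as the last new header in this hunk uses a name that has been renamed to `Permissions-Policy`, which has a different value syntax, so browsers that only honour the new name will not enforce these restrictions. I would send the new form alongside it, e.g. `response.headers.add("Permissions-Policy", "geolocation=(), microphone=(), camera=(), payment=()")`. The new `Access-Control-Allow-Headers` line advertises `x-auth` on every response, but no `Access-Control-Allow-Origin` appears in the visible lines, so it only takes effect if an origin is allowed elsewhere; if one is, that allow-list should be reviewed together with this header. The new headers are appended with `headers.add` without the `remove` used for `Cache-Control`, so a value set earlier in the request would be duplicated rather than replaced; `response.headers.set("Strict-Transport-Security", "max-age=31536000")` avoids that. `after_request` starts above the hunk, so any earlier header handling is not visible here.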