dahjah/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-05-12 17:09:39 -06:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Some small fixes

Browse Source 
Signed-off-by: BlackDex <black.dex@gmail.com>
This commit is contained in:
BlackDex 2024-12-10 21:44:19 +01:00
parent bb00e1f4ce
commit f211fc0dad
No known key found for this signature in database
GPG Key ID: 58C80A2AA6C765E1
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/static/scripts/admin_diagnostics.js vendored
View File

@ -276,7 +276,7 @@ async function checkHttpResponse() {
const [apiConfig, webauthnConnector, notFound, notFoundApi, badRequest, unauthorized, forbidden] = await Promise.all([
fetchCheckUrl(`${BASE_URL}/api/config`),
fetchCheckUrl(`${BASE_URL}/webauthn-connector.html`),
fetchCheckUrl(`${BASE_URL}/admin/does-not-exists`),
fetchCheckUrl(`${BASE_URL}/admin/does-not-exist`),
fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=404`),
fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=400`),
fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=401`),

1
src/util.rs
View File

@ -51,6 +51,7 @@ impl Fairing for AppHeaders {
}
}
// NOTE: When modifying or adding security headers be sure to also update the diagnostic checks in `src/static/scripts/admin_diagnostics.js` in `checkSecurityHeaders`
res.set_raw_header("Permissions-Policy", "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()");
res.set_raw_header("Referrer-Policy", "same-origin");
res.set_raw_header("X-Content-Type-Options", "nosniff");