From f211fc0dad187ec61b4139adcedaef29e4f1c8c7 Mon Sep 17 00:00:00 2001
From: BlackDex
Date: Tue, 10 Dec 2024 21:44:19 +0100
Subject: [PATCH] Some small fixes

Signed-off-by: BlackDex
---
 src/static/scripts/admin_diagnostics.js | 2 +-
 src/util.rs                             | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/static/scripts/admin_diagnostics.js b/src/static/scripts/admin_diagnostics.js
index a6650206..258df5e1 100644
--- a/src/static/scripts/admin_diagnostics.js
+++ b/src/static/scripts/admin_diagnostics.js
@@ -276,7 +276,7 @@ async function checkHttpResponse() {
     const [apiConfig, webauthnConnector, notFound, notFoundApi, badRequest, unauthorized, forbidden] = await Promise.all([
         fetchCheckUrl(`${BASE_URL}/api/config`),
         fetchCheckUrl(`${BASE_URL}/webauthn-connector.html`),
-        fetchCheckUrl(`${BASE_URL}/admin/does-not-exists`),
+        fetchCheckUrl(`${BASE_URL}/admin/does-not-exist`),
         fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=404`),
         fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=400`),
         fetchCheckUrl(`${BASE_URL}/admin/diagnostics/http?code=401`),
diff --git a/src/util.rs b/src/util.rs
index e5480125..88f0b23d 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -51,6 +51,7 @@ impl Fairing for AppHeaders {
             }
         }
 
+        // NOTE: When modifying or adding security headers be sure to also update the diagnostic checks in `src/static/scripts/admin_diagnostics.js` in `checkSecurityHeaders`
         res.set_raw_header("Permissions-Policy", "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()");
         res.set_raw_header("Referrer-Policy", "same-origin");
         res.set_raw_header("X-Content-Type-Options", "nosniff");
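Review bot: The corrected probe path on the `+` line, `/admin/does-not-exist`, only works as a 404 check as long as no real admin route is ever mounted there, and nothing in the code says so. A one-line comment above the `Promise.all`, such as `// deliberately unrouted admin path: the notFound check expects a 404 here`, would stop a future admin endpoint from silently invalidating the check. `checkHttpResponse` starts before this hunk and the code that asserts on `notFound` is not visible here.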
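Review bot: The added NOTE is a single `//` line of roughly 170 characters, noticeably wider than the surrounding lines, and it records the coupling to `admin_diagnostics.js` in one direction only; wrapping it onto two or three comment lines and adding the reciprocal note in `checkSecurityHeaders` (e.g. `// Keep in sync with the headers set by the AppHeaders fairing in src/util.rs`) would let a change on either side point to the other. The comment is placed directly above `Permissions-Policy`; if other security headers are set earlier in the same method, outside this hunk, it would be more visible at the top of the header-setting section. The enclosing method begins before the hunk.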