Send CSP header in all responses
Introduces a new content security policy header for responses to all requests to reduce the possibility of ip leaks to outside connections. By default blocks all inline scripts, and only allows content loaded from Whoogle. Refactors a few small inline scripting cases in the project to their own individual scripts.pull/264/head
parent
b7b6fb7c04
commit
dcb80ac250
@ -0,0 +1,11 @@
|
||||
document.addEventListener("DOMContentLoaded", () => {
|
||||
const searchBar = document.getElementById("search-bar");
|
||||
|
||||
searchBar.addEventListener("keyup", function (event) {
|
||||
if (event.keyCode !== 13) {
|
||||
handleUserInput(searchBar);
|
||||
} else {
|
||||
document.getElementById("search-form").submit();
|
||||
}
|
||||
});
|
||||
});
|
@ -1,6 +1,6 @@
|
||||
<h1>Error</h1>
|
||||
<hr>
|
||||
<p>
|
||||
Error parsing "{{ query }}"
|
||||
Error: "{{ error_message|safe }}"
|
||||
</p>
|
||||
<a href="/">Return Home</a>
|
||||
|
Loading…
Reference in New Issue