1
0
Fork 0
Commit graph

6 commits

Author SHA1 Message Date
Frédéric Guillot
2935aaef45 Add Content-Security-Policy header to feed icon url
- SVG images could contains Javascript. This CSP blocks inline script.
- Feed icons are served using <img> tag and Javascript is not interpreted.

See https://developer.mozilla.org/en-US/docs/Web/SVG/SVG_as_an_Image#restrictions
2022-01-02 17:38:53 -08:00
Frédéric Guillot
5a69a61d48 Move UI middlewares and routes to ui package 2018-11-11 11:29:12 -08:00
Frédéric Guillot
1f58b37a5e Refactor HTTP response builder 2018-10-08 15:31:58 -07:00
Frédéric Guillot
9d08139f43 Improve request package and add more unit tests 2018-09-23 21:02:26 -07:00
Frédéric Guillot
dbcc5d8a97 Use canonical imports 2018-08-24 21:56:39 -07:00
Frédéric Guillot
f49b42f70f Use vanilla HTTP handlers (refactoring) 2018-04-29 16:35:04 -07:00