Remove obsolete dapps and update security headers (#2694)

* Embed allowed only on signer port * Adding security headers to dapps * Adding security headers to signer * Removing old dapps
2016-10-19 11:02:21 +02:00
parent 487dfb0208
commit 5e67c89b4b
18 changed files with 123 additions and 93 deletions
--- a/signer/src/ws_server/session.rs
+++ b/signer/src/ws_server/session.rs
@@ -112,6 +112,8 @@ fn add_headers(mut response: ws::Response, mime: &str) -> ws::Response {
 	{
 		let mut headers = response.headers_mut();
 		headers.push(("X-Frame-Options".into(), b"SAMEORIGIN".to_vec()));
+		headers.push(("X-XSS-Protection".into(), b"1; mode=block".to_vec()));
+		headers.push(("X-Content-Type-Options".into(), b"nosniff".to_vec()));
 		headers.push(("Server".into(), b"Parity/SignerUI".to_vec()));
 		headers.push(("Content-Length".into(), content_len.as_bytes().to_vec()));
 		headers.push(("Content-Type".into(), mime.as_bytes().to_vec()));