[PR #80] [MERGED] Security headers #149

Closed
opened 2026-02-27 10:15:57 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/matze/wastebin/pull/80
Author: @cgzones
Created: 11/12/2024
Status: Merged
Merged: 1/11/2025
Merged by: @matze

Base: master ← Head: security_headers


📝 Commits (2)

  • 921324e Avoid inline styles and scripts
  • a705a4a Add security headers

📊 Changes

11 files changed (+224 additions, -110 deletions)

📝 src/env.rs (+2 -1)
📝 src/highlight.rs (+17 -0)
➕ src/javascript/index.js (+69 -0)
➕ src/javascript/paste.js (+44 -0)
📝 src/main.rs (+42 -1)
📝 src/routes/assets.rs (+17 -0)
📝 src/themes/style.css (+17 -0)
📝 templates/base.html (+1 -0)
📝 templates/encrypted.html (+4 -4)
📝 templates/index.html (+5 -63)
📝 templates/paste.html (+6 -41)

📄 Description

Modern browsers support security headers, in particular Content Security
Policy (CSP) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).
These can help mitigate XSS vulnerabilities, in the case of pastes by
disallowing inline styles and scripts.

Move all current inline styles into the global style.css, and refactor
all inline JavaScript into separate asset files.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
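
Added example, not code from this PR or from wastebin: a Rust check of whether a CSP string still permits inline `<script>` or `<style>` elements, the property the description above relies on. The function names and policy strings are constructed for illustration, and the `-attr` directives for inline event handlers and style attributes are not modeled.

```rust
use std::collections::HashMap;

/// Parse a serialized CSP into directive name -> source expressions.
/// Names are case-insensitive; a repeated directive is ignored (first wins).
fn parse_csp(policy: &str) -> HashMap<String, Vec<String>> {
    let mut directives = HashMap::new();
    for part in policy.split(';') {
        let mut tokens = part.split_ascii_whitespace();
        let Some(name) = tokens.next() else { continue };
        directives
            .entry(name.to_ascii_lowercase())
            .or_insert_with(|| tokens.map(str::to_string).collect::<Vec<_>>());
    }
    directives
}

/// True when a source list lets every inline block run: 'unsafe-inline' is
/// present and not overridden by a nonce, a hash or (scripts) 'strict-dynamic'.
fn list_allows_inline(sources: &[String], is_script: bool) -> bool {
    let lower: Vec<String> = sources.iter().map(|s| s.to_ascii_lowercase()).collect();
    let overridden = lower.iter().any(|s| {
        ["'nonce-", "'sha256-", "'sha384-", "'sha512-"].iter().any(|p| s.starts_with(*p))
            || (is_script && s == "'strict-dynamic'")
    });
    !overridden && lower.iter().any(|s| s == "'unsafe-inline'")
}

/// Would inline <script> (kind "script") or <style> (kind "style") elements
/// be allowed under this policy? Fallback: <kind>-src-elem, <kind>-src, default-src.
fn allows_inline(policy: &str, kind: &str) -> bool {
    let directives = parse_csp(policy);
    let chain = [format!("{kind}-src-elem"), format!("{kind}-src"), "default-src".into()];
    match chain.iter().find_map(|d| directives.get(d)) {
        Some(sources) => list_allows_inline(sources, kind == "script"),
        None => true, // no governing directive: inline content is unrestricted
    }
}

fn main() {
    // Constructed policies for illustration; not the header value from the PR.
    let strict = "default-src 'none'; script-src 'self'; style-src 'self'";
    let weak = "default-src 'self'; script-src 'self' 'unsafe-inline'";
    for p in [strict, weak] {
        let (js, css) = (allows_inline(p, "script"), allows_inline(p, "style"));
        println!("{p}\n  inline script allowed: {js}, inline style allowed: {css}");
    }
}
```

A check like this can run in a test against the header value a server actually sends, so a later change that reintroduces `'unsafe-inline'` fails the build.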
