diff --git a/Kyoo/Startup.cs b/Kyoo/Startup.cs index c993902f..0ec5c504 100644 --- a/Kyoo/Startup.cs +++ b/Kyoo/Startup.cs @@ -93,7 +93,7 @@ namespace Kyoo AuthorizationPolicyBuilder scheme = new AuthorizationPolicyBuilder(IdentityConstants.ApplicationScheme, JwtBearerDefaults.AuthenticationScheme); options.DefaultPolicy = scheme.RequireAuthenticatedUser().Build(); - string[] permissions = {"Read", "Write", "Play", "Download", "Admin"}; + string[] permissions = {"Read", "Write", "Play", "Admin"}; foreach (string permission in permissions) { options.AddPolicy(permission, policy => @@ -130,19 +130,6 @@ namespace Kyoo app.UseHsts(); } - app.Use((ctx, next) => - { - ctx.Response.Headers.Remove("X-Powered-By"); - ctx.Response.Headers.Remove("Server"); - ctx.Response.Headers.Add("Feature-Policy", "autoplay 'self'; fullscreen"); - ctx.Response.Headers.Add("Content-Security-Policy", "default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' 'unsafe-inline'"); - ctx.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN"); - ctx.Response.Headers.Add("Referrer-Policy", "no-referrer"); - ctx.Response.Headers.Add("Access-Control-Allow-Origin", "null"); - ctx.Response.Headers.Add("X-Content-Type-Options", "nosniff"); - return next(); - }); - app.UseStaticFiles(); if (!env.IsDevelopment()) app.UseSpaStaticFiles(); diff --git a/Kyoo/Views/WebClient b/Kyoo/Views/WebClient index 9f44094b..68090ee9 160000 --- a/Kyoo/Views/WebClient +++ b/Kyoo/Views/WebClient @@ -1 +1 @@ -Subproject commit 9f44094b2df56acceb3b6ef8abe7504efae50c98 +Subproject commit 68090ee90e403577645f20ae5953eeb8bf86dd52 diff --git a/Kyoo/appsettings.json b/Kyoo/appsettings.json index d43606fb..40785057 100644 --- a/Kyoo/appsettings.json +++ b/Kyoo/appsettings.json @@ -4,7 +4,7 @@ "https_port": 44300, "Logging": { "LogLevel": { - "Default": "Trace", + "Default": "Warning", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" }
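Review bot: Removing `"Download"` from the `permissions` array in the `@@ -93,7 +93,7 @@` hunk unregisters that named policy, and nothing visible in this diff shows what now gates the download endpoints. Any action still marked `[Authorize(Policy = "Download")]` will fail at request time because the policy no longer exists, while an action reduced to a bare `[Authorize]` falls back to `DefaultPolicy`, which only requires an authenticated user. Please confirm in the controllers (outside this diff) that downloads are covered by an explicit policy. If the intent is that `Play` now covers them, record it above the array, e.g. `// Downloads are authorized by the "Play" policy; there is no separate "Download" permission.` The `AddPolicy` lambda body continues outside the hunk.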
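Review bot: After the `@@ -130,19 +130,6 @@` hunk the pipeline no longer sets `X-Content-Type-Options`, `X-Frame-Options`, `Referrer-Policy` or `Content-Security-Policy` on any response, and nothing in this diff supplies them elsewhere (a reverse proxy or the web client may do so, but that is not visible here). Dropping `Access-Control-Allow-Origin: null` is reasonable, and the removed CSP allowed `'unsafe-inline'` and `'unsafe-eval'`, so it offered little script protection, but the other three headers cost nothing to keep. I would keep a small middleware ahead of the static-file middleware that sets those three, and reintroduce a CSP once it can be written to fit the web client. The enclosing method starts and ends outside the hunk.

```csharp
// … unchanged: exception handler / UseHsts branch …
app.Use((ctx, next) =>
{
	// Indexer assignment overwrites an existing value instead of throwing on a duplicate key.
	ctx.Response.Headers["X-Content-Type-Options"] = "nosniff";
	ctx.Response.Headers["X-Frame-Options"] = "SAMEORIGIN";
	ctx.Response.Headers["Referrer-Policy"] = "no-referrer";
	return next();
});
// … unchanged: static file middleware and the rest of the pipeline …
```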