diff --git a/atst/app.py b/atst/app.py
index 88002c4f..7cc3574d 100644
--- a/atst/app.py
+++ b/atst/app.py
@@ -71,6 +71,7 @@ def make_app(config):
app.form_cache = FormCache(app.redis)
apply_authentication(app)
+ set_default_headers(app)
return app
@@ -91,6 +92,20 @@ def make_flask_callbacks(app):
return response
+def set_default_headers(app):
+ @app.after_request
+ def _set_security_headers(response):
+ response.headers[
+ "Strict-Transport-Security"
+ ] = "max-age=31536000; includeSubDomains"
+ response.headers["Content-Security-Policy"] = "default-src 'self'"
+ response.headers["X-Content-Type-Options"] = "nosniff"
+ response.headers["X-Frame-Options"] = "SAMEORIGIN"
+ response.headers["X-XSS-Protection"] = "1; mode=block"
+
+ return response
+
+
def map_config(config):
return {
**config["default"],
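Review bot: `_set_security_headers` assigns every header with `response.headers[...] = ...`, so a view that sets its own policy (a per-response CSP with a nonce, a `DENY` frame policy on a sensitive page) is silently overwritten by the blanket value; `response.headers.setdefault("Content-Security-Policy", "default-src 'self'")` would keep these as a baseline while letting a view tighten or adjust them. The CSP value `default-src 'self'` also blocks inline `<script>`/`<style>` blocks, `data:` images and any third-party origin, so unless the templates have been checked against it, consider shipping it first as `Content-Security-Policy-Report-Only` with a reporting endpoint and promoting it once the reports are clean. `set_default_headers` has no docstring; a one-liner such as `"""Register an after_request hook that adds baseline security headers to every response."""` would help. The hunk's trailing context cuts `map_config` short; only `set_default_headers` is fully visible here.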
diff --git a/templates/components/alert.html b/templates/components/alert.html
index d170e2bb..b510457e 100644
--- a/templates/components/alert.html
+++ b/templates/components/alert.html
@@ -54,7 +54,7 @@
{% elif actions is iterable %}
{% for action in actions %}
-
+
{% if 'icon' in action %}{{ Icon(action["icon"]) }}{% endif %}
{{ action["label"] }}