diff --git a/.htaccess b/.htaccess
index 6487a7c..ca8ae0c 100644
--- a/.htaccess
+++ b/.htaccess
@@ -28,3 +28,10 @@ FileETag None
AddOutputFilterByType DEFLATE text/css text/html application/javascript font/truetype
+
+
+ Header set X-Frame-Options DENY
+ Header set X-Content-Type-Options nosniff
+ Header set X-XSS-Protection "1; mode=block"
+ Header set Content-Security-Policy "default-src 'self'; object-src 'none'; script-src 'none'; img-src http:"
+
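Review bot: The `img-src http:` source in the new Content-Security-Policy permits images from any host over cleartext HTTP, and under CSP Level 2 matching it neither covers `https:` nor names `'self'`; if remote thumbnails are needed, `img-src 'self' https:` is tighter, with `http:` added only where required. Adding `frame-ancestors 'none'` to the same policy would block framing through CSP as well as through `X-Frame-Options`. Plain `Header set` is not applied to Apache-generated error responses, so `Header always set` is the safer form for all four headers. If these directives are not wrapped in `<IfModule mod_headers.c>` (no wrapper lines are visible in this hunk), a host without mod_headers will reject the whole `.htaccess`.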
diff --git a/Gruntfile.js b/Gruntfile.js
index ea379ad..01d1704 100644
--- a/Gruntfile.js
+++ b/Gruntfile.js
@@ -11,7 +11,7 @@ module.exports = function (grunt) {
uglify: {
combine: {
files: {
- 'dist/main.js': ['js/cast.js']
+ 'dist/main.js': ['js/*.js']
}
}
},
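Review bot: Widening the uglify target to `'js/*.js'` here conflicts with the later hunk, which drops `'uglify'` from the `default` task, so nothing in `default` or `release` rebuilds `dist/main.js` any more. Since this commit also deletes `js/cast.js`, the glob may match nothing, and a stale `dist/main.js` left on disk could still end up in a release archive. If the site no longer ships JavaScript (the new CSP sets `script-src 'none'`), it would be cleaner to remove the `uglify` block and its `loadNpmTasks` line, which is presumably outside this hunk. The same applies to the `jslint` config now that `'jslint'` is gone from the `lint` task.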
@@ -128,8 +128,8 @@ module.exports = function (grunt) {
grunt.loadNpmTasks('grunt-potomo');
grunt.loadNpmTasks('grunt-contrib-csslint');
- grunt.registerTask('default', ['uglify', 'cssmin', 'potomo']);
- grunt.registerTask('lint', ['jslint', 'csslint', 'fixpack', 'jsonlint', 'phpcs']);
+ grunt.registerTask('default', ['cssmin', 'potomo']);
+ grunt.registerTask('lint', ['csslint', 'fixpack', 'jsonlint', 'phpcs']);
grunt.registerTask('test', ['phpunit']);
grunt.registerTask('doc', ['phpdocumentor']);
grunt.registerTask('release', ['default', 'githash', 'compress']);
diff --git a/classes/LocaleManager.php b/classes/LocaleManager.php
index c426122..558531f 100644
--- a/classes/LocaleManager.php
+++ b/classes/LocaleManager.php
@@ -42,6 +42,7 @@ class LocaleManager
{
$session_factory = new \Aura\Session\SessionFactory();
$session = $session_factory->newInstance($cookies);
+ $session->setCookieParams(['httponly' => true]);
$this->sessionSegment = $session->getSegment('Alltube\LocaleManager');
$cookieLocale = $this->sessionSegment->get('locale');
if (isset($cookieLocale)) {
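Review bot: The added `setCookieParams` call sets only `httponly`, so the session cookie is still sent over plain HTTP wherever the site is reachable that way. Consider also setting `secure` when the request arrives over TLS, e.g. `$session->setCookieParams(['httponly' => true, 'secure' => $isHttps]);`, where `$isHttps` is a placeholder for however the application detects HTTPS. A one-line comment such as `// Keep the locale session cookie unreadable from page scripts` would record why the call is there. The enclosing method starts and ends outside this hunk, so it cannot be confirmed from here that no session has been started before the parameters are applied.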
diff --git a/css/style.css b/css/style.css
index eb886dc..6acce45 100644
--- a/css/style.css
+++ b/css/style.css
@@ -544,18 +544,6 @@ h1 {
max-width:700px;
}
-.cast_btn {
- cursor:pointer;
-}
-
-.cast_hidden {
- display:none;
-}
-
-.cast_icon {
- vertical-align:middle;
-}
-
.format {
text-align:left;
}
diff --git a/img/ic_media_route_disabled_holo_light.png b/img/ic_media_route_disabled_holo_light.png
deleted file mode 100644
index 319c57e..0000000
Binary files a/img/ic_media_route_disabled_holo_light.png and /dev/null differ
diff --git a/img/ic_media_route_off_holo_light.png b/img/ic_media_route_off_holo_light.png
deleted file mode 100644
index b74cdb5..0000000
Binary files a/img/ic_media_route_off_holo_light.png and /dev/null differ
diff --git a/img/ic_media_route_on_holo_light.png b/img/ic_media_route_on_holo_light.png
deleted file mode 100644
index c49f2d0..0000000
Binary files a/img/ic_media_route_on_holo_light.png and /dev/null differ
diff --git a/js/cast.js b/js/cast.js
deleted file mode 100644
index f693a92..0000000
--- a/js/cast.js
+++ /dev/null
@@ -1,109 +0,0 @@
-/*global chrome*/
-/*jslint browser: true, nomen: true */
-var castModule = (function () {
- 'use strict';
- var launchBtn, disabledBtn, stopBtn, session;
-
- function receiverListener(e) {
- return (e === chrome.cast.ReceiverAvailability.AVAILABLE);
- }
-
- function onMediaDiscovered() {
- if (launchBtn) {
- stopBtn.classList.remove('cast_hidden');
- launchBtn.classList.add('cast_hidden');
- }
- }
-
- function onStopCast() {
- stopBtn.classList.add('cast_hidden');
- launchBtn.classList.remove('cast_hidden');
- }
-
- function onStopCastError(e) {
- onStopCast();
- throw e.description;
- }
-
- function updateListener() {
- if (session.status !== chrome.cast.SessionStatus.CONNECTED) {
- onStopCast();
- }
- }
-
- function sessionListener(e) {
- session = e;
- session.addMediaListener(onMediaDiscovered);
- session.addUpdateListener(updateListener);
- if (session.media.length !== 0) {
- onMediaDiscovered();
- }
- }
-
- function stopCast() {
- session.stop(onStopCast, onStopCastError);
- }
-
- function onMediaError(e) {
- stopCast();
- throw e.description;
- }
-
- function onRequestSessionSuccess(e) {
- session = e;
- var videoLink = document.getElementById('video_link'), videoURL = videoLink.dataset.video, mediaInfo = new chrome.cast.media.MediaInfo(videoURL, 'video/' + videoLink.dataset.ext), request = new chrome.cast.media.LoadRequest(mediaInfo);
- session.loadMedia(request, onMediaDiscovered, onMediaError);
- }
-
- function onLaunchError(e) {
- throw e.description;
- }
-
- function launchCast() {
- chrome.cast.requestSession(onRequestSessionSuccess, onLaunchError);
- }
-
- function onInitSuccess() {
- launchBtn = document.getElementById('cast_btn_launch');
- disabledBtn = document.getElementById('cast_disabled');
- stopBtn = document.getElementById('cast_btn_stop');
- if (launchBtn) {
- disabledBtn.classList.add('cast_hidden');
- launchBtn.classList.remove('cast_hidden');
- launchBtn.addEventListener('click', launchCast, false);
- stopBtn.addEventListener('click', stopCast, false);
- }
- }
-
- function onError(e) {
- throw e.code;
- }
-
- function initializeCastApi() {
- var sessionRequest = new chrome.cast.SessionRequest(chrome.cast.media.DEFAULT_MEDIA_RECEIVER_APP_ID),
- apiConfig = new chrome.cast.ApiConfig(sessionRequest, sessionListener, receiverListener, chrome.cast.AutoJoinPolicy.ORIGIN_SCOPED);
- chrome.cast.initialize(apiConfig, onInitSuccess, onError);
- }
-
- function loadCastApi(loaded, errorInfo) {
- if (loaded) {
- initializeCastApi();
- } else {
- throw errorInfo;
- }
- }
-
- return {
- init: function () {
- var intro = document.getElementById('download_intro');
- if (intro) {
- intro.insertAdjacentHTML('beforeend', ' ');
- window.__onGCastApiAvailable = loadCastApi;
- }
- }
- };
-}());
-
-if (typeof window === 'object') {
- window.addEventListener('load', castModule.init, false);
-}
diff --git a/templates/inc/footer.tpl b/templates/inc/footer.tpl
index bcc7eb8..1bca78f 100644
--- a/templates/inc/footer.tpl
+++ b/templates/inc/footer.tpl
@@ -16,6 +16,5 @@
{t}Based on{/t} youtube-dl
-