maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

update jquery/jquery-ui; fininshed api_key editing (needs a bit more validating); added PhpSettings-Unit-test

Browse Source 
Signed-off-by: Michael Kaufmann <michael.kaufmann@aixit.com>
This commit is contained in:
Michael Kaufmann
2018-06-22 10:05:04 +02:00
parent f1d91dfef8
commit d4312fc481
36 changed files with 139 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/init.php
View File

@@ -29,7 +29,7 @@ header('Expires: ' . gmdate( 'D, d M Y H:i:s \G\M\T', time()));
// Inline-JS is no longer allowed and used
// See: http://people.mozilla.org/~bsterne/content-security-policy/index.html
// New stuff see: https://www.owasp.org/index.php/List_of_useful_HTTP_headers and https://www.owasp.org/index.php/Content_Security_Policy
$csp_content = "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; reflected-xss block;";
$csp_content = "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self';";
header("Content-Security-Policy: ".$csp_content);
header("X-Content-Security-Policy: ".$csp_content);
header("X-WebKit-CSP: ".$csp_content);