Subversion Repositories oidplus


Rev 467 Rev 476
Line 65... Line 65...
65
unset($missing_dependencies);
65
unset($missing_dependencies);
66
 
66
 
67
// Now we can continue!
67
// Now we can continue!
68
 
68
 
69
if (PHP_SAPI != 'cli') {
69
if (PHP_SAPI != 'cli') {
-
 
70
        // TODO: Plugins should be able to extend CSP
70
        header('X-Content-Type-Options: nosniff');
71
        header('X-Content-Type-Options: nosniff');
71
        header('X-XSS-Protection: 1; mode=block');
72
        header('X-XSS-Protection: 1; mode=block');
72
        header("Content-Security-Policy: default-src 'self' blob: https://fonts.gstatic.com https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/; ".
73
        header("Content-Security-Policy: default-src 'self' blob: https://fonts.gstatic.com https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/; ".
73
               "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/; ".
74
               "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/; ".
74
               "img-src data: http: https:; ".
75
               "img-src blob: data: http: https:; ".
75
               "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://polyfill.io/; ".
76
               "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://polyfill.io/; ".
76
               "frame-ancestors 'none'; ".
77
               "frame-ancestors 'none'; ".
77
               "object-src 'none'");
78
               "object-src 'none'");
78
        header('X-Frame-Options: SAMEORIGIN');
79
        header('X-Frame-Options: SAMEORIGIN');
79
        header('Referrer-Policy: no-referrer-when-downgrade');
80
        header('Referrer-Policy: no-referrer-when-downgrade');
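Review bot: On new line 75 `img-src` now reads `blob: data: http: https:`, which allows images from any host and restricts very little; on an HTTPS deployment the `http:` source also admits mixed content, so if external plain-HTTP images are not required, `"img-src 'self' blob: data: https:; ".` would be tighter. The TODO added on line 70 should also record that plugin-supplied sources must be validated (for example rejecting `;`) before they are concatenated into the header, otherwise a plugin value could append or override directives. Separately, `frame-ancestors 'none'` and `header('X-Frame-Options: SAMEORIGIN');` on new line 79 disagree; `header('X-Frame-Options: DENY');` would match the CSP for browsers that ignore `frame-ancestors`. The enclosing `if (PHP_SAPI != 'cli')` block continues past the last visible line.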