Line 65... | Line 65... | ||
65 | unset($missing_dependencies); |
65 | unset($missing_dependencies); |
66 | 66 | ||
67 | // Now we can continue! |
67 | // Now we can continue! |
68 | 68 | ||
69 | if (PHP_SAPI != 'cli') { |
69 | if (PHP_SAPI != 'cli') { |
- | 70 | // TODO: Plugins should be able to extend CSP |
|
70 | header('X-Content-Type-Options: nosniff'); |
71 | header('X-Content-Type-Options: nosniff'); |
71 | header('X-XSS-Protection: 1; mode=block'); |
72 | header('X-XSS-Protection: 1; mode=block'); |
72 | header("Content-Security-Policy: default-src 'self' blob: https://fonts.gstatic.com https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/; ". |
73 | header("Content-Security-Policy: default-src 'self' blob: https://fonts.gstatic.com https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/; ". |
73 | "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/; ". |
74 | "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/; ". |
74 | "img-src data: http: https:; ". |
75 | "img-src blob: data: http: https:; ". |
75 | "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://polyfill.io/; ". |
76 | "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google.com/ https://www.gstatic.com/ https://cdnjs.cloudflare.com/ https://polyfill.io/; ". |
76 | "frame-ancestors 'none'; ". |
77 | "frame-ancestors 'none'; ". |
77 | "object-src 'none'"); |
78 | "object-src 'none'"); |
78 | header('X-Frame-Options: SAMEORIGIN'); |
79 | header('X-Frame-Options: SAMEORIGIN'); |
79 | header('Referrer-Policy: no-referrer-when-downgrade'); |
80 | header('Referrer-Policy: no-referrer-when-downgrade'); |