set CSP also as meta tag, to deal with misconfigured webservers mangling the HTTP header

El RIDO 2022-03-13 17:24:47 +01:00
parent 1807580226
commit 6c1f0dde0c
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
5 changed files with 15 additions and 0 deletions


@ -364,6 +364,16 @@ class Controller
setcookie('lang', $languageselection, 0, '', '', true);
}
// strip policies that are unsupported in meta tag
$metacspheader = str_replace(
array(
'frame-ancestors \'none\'; ',
'; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
),
'',
$this->_conf->getKey('cspheader')
);
$page = new View;
$page->assign('NAME', $this->_conf->getKey('name'));
$page->assign('BASEPATH', I18n::_($this->_conf->getKey('basepath')));
@ -392,6 +402,7 @@ class Controller
$page->assign('HTTPWARNING', $this->_conf->getKey('httpwarning'));
$page->assign('HTTPSLINK', 'https://' . $this->_request->getHost() . $this->_request->getRequestUri());
$page->assign('COMPRESSION', $this->_conf->getKey('compression'));
$page->assign('CSPHEADER', $metacspheader);
$page->draw($this->_conf->getKey('template'));
}
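Review bot: The `str_replace()` in the first hunk strips `frame-ancestors` and `sandbox` only when the configured `cspheader` contains these two literals byte for byte. If an operator reorders directives or changes the sandbox flags, the meta policy will still carry directives that browsers ignore in a `<meta>` element. Filtering by directive name after splitting on `;` would keep working for customised values; a sketch follows. A comment here should also record that the meta tag cannot enforce `frame-ancestors` or `sandbox`, so it is a fallback for the HTTP header and not a replacement, and the templates that print `CSPHEADER` (not visible in this section) need to HTML-escape it for attribute context, since the value contains single quotes and comes from configuration. The enclosing method starts and ends outside the hunks shown.

```php
// strip policies that are unsupported in meta tag, matched by directive name
$unsupported = array('frame-ancestors', 'sandbox');
$directives  = array();
foreach (explode(';', $this->_conf->getKey('cspheader')) as $directive) {
    $directive = trim($directive);
    if ($directive === '') {
        continue;
    }
    $name = strtolower(substr($directive, 0, strcspn($directive, " \t")));
    if (!in_array($name, $unsupported, true)) {
        $directives[] = $directive;
    }
}
$metacspheader = implode('; ', $directives);
// … unchanged: View construction and assign() calls …
```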