adding new security headers, fixes #765

El RIDO 2021-04-16 19:19:11 +02:00
parent d727837324
commit 9e6eb50ced
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
2 changed files with 6 additions and 2 deletions


@ -346,10 +346,13 @@ class Controller
header('Last-Modified: ' . $time);
header('Vary: Accept');
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
header('Cross-Origin-Resource-Policy: same-origin');
header('Cross-Origin-Embedder-Policy: require-corp');
header('Cross-Origin-Opener-Policy: same-origin');
header('Referrer-Policy: no-referrer');
header('X-Xss-Protection: 1; mode=block');
header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: deny');
header('X-XSS-Protection: 1; mode=block');
// label all the expiration options
$expire = array();
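Review bot: The `X-XSS-Protection: 1; mode=block` header is still sent after this change (both spellings of it appear in this section). The XSS auditor it controls has been removed from current browsers, and in legacy browsers that still honour it the filter has been a source of cross-site information leaks. Since a Content-Security-Policy header is already set here, the usual recommendation is `header('X-XSS-Protection: 0');` or dropping the line. Separately, the three new Cross-Origin-* values are hard-coded while the CSP is read from `cspheader` in the configuration, so an instance whose CSP was relaxed to load a cross-origin resource may find it blocked by `Cross-Origin-Embedder-Policy: require-corp` with no setting to adjust; a comment such as `// COEP/CORP/COOP are fixed; cross-origin assets must send CORP or CORS headers` above these lines would document that. The enclosing method starts and ends outside the hunk.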