diff options
author | redmatrix <git@macgirvin.com> | 2016-01-07 12:47:46 -0800 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-01-07 12:47:46 -0800 |
commit | 100412267ad5d193d2131e3fa89090846267b72d (patch) | |
tree | 7450f92cada7860528a1f57e03316b7831239d19 | |
parent | 761afd029d97703f2f7609d546b7b5f3d257c601 (diff) | |
download | volse-hubzilla-100412267ad5d193d2131e3fa89090846267b72d.tar.gz volse-hubzilla-100412267ad5d193d2131e3fa89090846267b72d.tar.bz2 volse-hubzilla-100412267ad5d193d2131e3fa89090846267b72d.zip |
extra security headers, revert or fix if functionality is blocked
-rwxr-xr-x | boot.php | 15 | ||||
-rw-r--r-- | version.inc | 2 |
2 files changed, 16 insertions, 1 deletions
@@ -874,6 +874,11 @@ class App { } } + function get_scheme() { + return $this->scheme; + } + + function get_hostname() { return $this->hostname; } @@ -2121,6 +2126,16 @@ function construct_page(&$a) { $profile = $a->profile; header("Content-type: text/html; charset=utf-8"); + if($a->get_scheme() === 'https') + header("Strict-Transport-Security: max-age=31536000"); + + header("Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"); + + if($a->config['system']['x_security_headers']) { + header("X-Frame-Options: SAMEORIGIN"); + header("X-Xss-Protection: 1; mode=block;"); + header("X-Content-Type-Options: nosniff"); + } require_once(theme_include( ((x($a->page, 'template')) ? $a->page['template'] : 'default' ) . '.php' ) diff --git a/version.inc b/version.inc index be2d3de4a..9846c0954 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2016-01-06.1270H +2016-01-07.1271H |