Adding HTTP headers to address certain XSS attacks, resolves #91
This commit is contained in:
parent
ec7af3a738
commit
8cfcf1c9f5
|
@ -403,12 +403,15 @@ class PrivateBin
|
||||||
{
|
{
|
||||||
// set headers to disable caching
|
// set headers to disable caching
|
||||||
$time = gmdate('D, d M Y H:i:s \G\M\T');
|
$time = gmdate('D, d M Y H:i:s \G\M\T');
|
||||||
header('Cache-Control: no-store, no-cache, must-revalidate');
|
header('Cache-Control: no-store, no-cache, no-transform, must-revalidate');
|
||||||
header('Pragma: no-cache');
|
header('Pragma: no-cache');
|
||||||
header('Expires: ' . $time);
|
header('Expires: ' . $time);
|
||||||
header('Last-Modified: ' . $time);
|
header('Last-Modified: ' . $time);
|
||||||
header('Vary: Accept');
|
header('Vary: Accept');
|
||||||
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
|
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
|
||||||
|
header('X-Xss-Protection: 1; mode=block');
|
||||||
|
header('X-Frame-Options: DENY');
|
||||||
|
header('X-Content-Type-Options: nosniff');
|
||||||
|
|
||||||
// label all the expiration options
|
// label all the expiration options
|
||||||
$expire = array();
|
$expire = array();
|
||||||
|
|
Loading…
Reference in New Issue