adding new security headers, fixes #765
parent
d727837324
commit
9e6eb50ced
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
* **1.4 (not yet released)**
|
* **1.4 (not yet released)**
|
||||||
* ADDED: Translation for Estonian
|
* ADDED: Translation for Estonian
|
||||||
|
* ADDED: new HTTP headers improving security (#765)
|
||||||
* **1.3.5 (2021-04-05)**
|
* **1.3.5 (2021-04-05)**
|
||||||
* ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan
|
* ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan
|
||||||
* ADDED: Make the project info configurable (#681)
|
* ADDED: Make the project info configurable (#681)
|
||||||
|
|
|
@ -346,10 +346,13 @@ class Controller
|
||||||
header('Last-Modified: ' . $time);
|
header('Last-Modified: ' . $time);
|
||||||
header('Vary: Accept');
|
header('Vary: Accept');
|
||||||
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
|
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
|
||||||
|
header('Cross-Origin-Resource-Policy: same-origin');
|
||||||
|
header('Cross-Origin-Embedder-Policy: require-corp');
|
||||||
|
header('Cross-Origin-Opener-Policy: same-origin');
|
||||||
header('Referrer-Policy: no-referrer');
|
header('Referrer-Policy: no-referrer');
|
||||||
header('X-Xss-Protection: 1; mode=block');
|
|
||||||
header('X-Frame-Options: DENY');
|
|
||||||
header('X-Content-Type-Options: nosniff');
|
header('X-Content-Type-Options: nosniff');
|
||||||
|
header('X-Frame-Options: deny');
|
||||||
|
header('X-XSS-Protection: 1; mode=block');
|
||||||
|
|
||||||
// label all the expiration options
|
// label all the expiration options
|
||||||
$expire = array();
|
$expire = array();
|
||||||
|
|
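Review bot: The three `Cross-Origin-*` headers added after the Content-Security-Policy line are hard-coded, while the CSP directly above them is read from `$this->_conf->getKey('cspheader')`. An operator who relaxes the configured CSP to allow a cross-origin resource will still have it blocked by `Cross-Origin-Embedder-Policy: require-corp` unless that resource opts in via CORP or CORS, so these values should either be read from configuration the same way or be documented alongside the `cspheader` option as a constraint. Separately, the re-added `X-XSS-Protection: 1; mode=block` relies on a legacy browser XSS auditor that current browsers have removed; with a CSP in place, `header('X-XSS-Protection: 0');` or dropping the header is the current recommendation. The enclosing method starts and ends outside this hunk, so whether these headers are sent on every response type is not visible here.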