adding new security headers, fixes #765
This commit is contained in:
parent
d727837324
commit
9e6eb50ced
@ -2,6 +2,7 @@
|
||||
|
||||
* **1.4 (not yet released)**
|
||||
* ADDED: Translation for Estonian
|
||||
* ADDED: new HTTP headers improving security (#765)
|
||||
* **1.3.5 (2021-04-05)**
|
||||
* ADDED: Translation for Hebrew, Lithuanian, Indonesian and Catalan
|
||||
* ADDED: Make the project info configurable (#681)
|
||||
|
@ -346,10 +346,13 @@ class Controller
|
||||
header('Last-Modified: ' . $time);
|
||||
header('Vary: Accept');
|
||||
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
|
||||
header('Cross-Origin-Resource-Policy: same-origin');
|
||||
header('Cross-Origin-Embedder-Policy: require-corp');
|
||||
header('Cross-Origin-Opener-Policy: same-origin');
|
||||
header('Referrer-Policy: no-referrer');
|
||||
header('X-Xss-Protection: 1; mode=block');
|
||||
header('X-Frame-Options: DENY');
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
header('X-Frame-Options: deny');
|
||||
header('X-XSS-Protection: 1; mode=block');
|
||||
|
||||
// label all the expiration options
|
||||
$expire = array();
|
||||
|
Loading…
Reference in New Issue
Block a user