danwin1210/hit-counter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: danwin1210:1.1
Branches Tags
danwin1210:master
danwin1210:1.1 danwin1210:1.0
...
compare: danwin1210:master
Branches Tags
danwin1210:master
danwin1210:1.1 danwin1210:1.0

5 Commits
1.1 ... master

Author SHA1 Message Date
Daniel Winzen
be848fe9dd Add missing Cross-Origin-Resource-Policy header - fixes #3 2023-10-20 19:06:52 +02:00
Daniel Winzen
b87b6a8c2c Disallow otp-credentials Permission 2021-06-19 12:44:46 +02:00
Daniel Winzen
5d6dec61c8 Forbid tracking users via FLoC 2021-05-19 07:21:36 +02:00
Daniel Winzen
7868341657 Add new security headers 2021-05-14 18:10:02 +02:00
Daniel Winzen
613096ecef New Permissions-Policy syntax 2021-05-04 20:36:12 +02:00
2 changed files with 6 additions and 4 deletions
Expand all files Collapse all files

2
counter.php
View File

@ -41,6 +41,8 @@ if(!$id=$stmt->fetch(PDO::FETCH_NUM)){
header_remove('X-Frame-Options');
header("Content-Security-Policy: base-uri 'self'; default-src 'none'; frame-ancestors '*'");
header('Content-Type: image/gif');
header('Access-Control-Allow-Origin: *');
header('Cross-Origin-Resource-Policy: cross-origin');
//add visitor to db
if(isSet($_COOKIE["counted$_REQUEST[id]"])){

8
counter_config.php
View File

@ -75,7 +75,10 @@ function send_headers(array $styles = []){
header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0, private');
header('Expires: 0');
header('Referrer-Policy: no-referrer');
header("Permissions-Policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; cross-origin-isolated 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; geolocation 'none'; fullscreen 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; screen-wake-lock 'none'; sync-xhr 'none'; usb 'none'; web-share 'none'; xr-spatial-tracking 'none'; clipboard-read 'none'; clipboard-write 'none'; gamepad 'none'; speaker-selection 'none'; conversion-measurement 'none'; focus-without-user-activation 'none'; hid 'none'; idle-detection 'none'; sync-script 'none'; vertical-scroll 'none'; serial 'none'; trust-token-redemption 'none';");
header("Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()");
header("Cross-Origin-Embedder-Policy: require-corp");
header("Cross-Origin-Opener-Policy: same-origin");
header("Cross-Origin-Resource-Policy: same-origin");
$style_hashes = '';
foreach($styles as $style) {
$style_hashes .= " 'sha256-".base64_encode(hash('sha256', $style, true))."'";
@ -84,9 +87,6 @@ function send_headers(array $styles = []){
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: sameorigin');
header('X-XSS-Protection: 1; mode=block');
if($_SERVER['REQUEST_METHOD'] === 'HEAD'){
exit; // headers sent, no further processing needed
}
}
function set_secure_cookie(string $name, string $value){