danwin1210/onion-link-list
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Disallow framing in CSP

Browse Source
This commit is contained in:
Daniel Winzen
2020-10-15 20:31:50 +02:00
parent 32d9609e4f
commit c8f815552a
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common_config.php
View File

@ -123,7 +123,7 @@ function send_headers(array $styles = []){
foreach($styles as $style) {
$style_hashes .= " 'sha256-".base64_encode(hash('sha256', $style, true))."'";
}
header("Content-Security-Policy: default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self' data:; media-src 'self'; style-src 'self'$style_hashes");
header("Content-Security-Policy: default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self'$style_hashes");
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: sameorigin');
header('X-XSS-Protection: 1; mode=block');