mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-13 03:27:39 +03:00
Added some CSP info
This commit is contained in:
parent
b0fea1e7c1
commit
004de4e48c
1 changed files with 4 additions and 1 deletions
|
|
@ -12,6 +12,9 @@ class CSP
|
||||||
$report_to = [],
|
$report_to = [],
|
||||||
$report_only = false;
|
$report_only = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#directives
|
||||||
|
*/
|
||||||
private $directives = [
|
private $directives = [
|
||||||
'base-uri' => ["'self'"],
|
'base-uri' => ["'self'"],
|
||||||
'default-src' => ["'self'", 'data:'],
|
'default-src' => ["'self'", 'data:'],
|
||||||
|
|
@ -79,7 +82,7 @@ class CSP
|
||||||
} else {
|
} else {
|
||||||
\header('Content-Security-Policy: ' . $this);
|
\header('Content-Security-Policy: ' . $this);
|
||||||
}
|
}
|
||||||
if (empty($this->directives['frame-ancestors'])) {
|
if (empty($this->directives['frame-ancestors']) || \in_array('none', $this->directives['frame-ancestors'])) {
|
||||||
\header('X-Frame-Options: DENY');
|
\header('X-Frame-Options: DENY');
|
||||||
} else {
|
} else {
|
||||||
// \header('X-Frame-Options: SAMEORIGIN');
|
// \header('X-Frame-Options: SAMEORIGIN');
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue