From 1bd598b0c3a34698922a83532bdf7fcf4824b4c0 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Fri, 1 Feb 2019 19:38:03 +0100
Subject: [PATCH] set security headers

---
 lam/lib/security.inc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lam/lib/security.inc b/lam/lib/security.inc
index b223e6d3..a840baf8 100644
--- a/lam/lib/security.inc
+++ b/lam/lib/security.inc
@@ -2,7 +2,7 @@
 /*
 This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
- Copyright (C) 2006 - 2018 Roland Gruber
+ Copyright (C) 2006 - 2019 Roland Gruber
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -664,7 +664,9 @@ function getSecurityTokenValue() {
 function setLAMHeaders() {
 if (!headers_sent()) {
 header('X-Frame-Options: sameorigin');
- header('Content-Security-Policy: frame-ancestors \'self\'');
+ header('Content-Security-Policy: frame-ancestors \'self\'; form-action \'self\'; base-uri \'none\'; object-src \'none\'; frame-src \'self\'; worker-src \'self\'');
+ header('X-Content-Type-Options: nosniff');
+ header('X-XSS-Protection: 1; mode=block');
 }
 }
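Review bot: The new Content-Security-Policy line in setLAMHeaders() carries no `default-src` or `script-src` directive, so it restricts framing, form targets, base URI, plugins and workers but places no limit on where scripts may be loaded from or executed; a later maintainer reading this header set together with X-XSS-Protection could mistake it for XSS mitigation, which it is not. I would state that scope above the header() call, e.g. `// CSP here covers framing, form-action, base-uri, object/frame/worker sources only; it sets no script-src, so it does not constrain script execution`. X-XSS-Protection depends on the browsers' legacy XSS auditor, which is not implemented everywhere and which vendors have been retiring, so it is at best defence in depth, whereas `X-Content-Type-Options: nosniff` is the addition browsers honour consistently. Separately, when headers_sent() is true the whole block is skipped silently, so any stray output emitted before this function drops every one of these protections with no trace in the logs; a warning in an else branch would make that failure visible to the operator.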