WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

set security headers

This commit is contained in:
Roland Gruber 2019-02-01 19:38:03 +01:00
parent 77e7c77e20
commit 1bd598b0c3
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lam/lib/security.inc
View File

@ -2,7 +2,7 @@
/* /*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2018 Roland Gruber Copyright (C) 2006 - 2019 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -664,7 +664,9 @@ function getSecurityTokenValue() {
function setLAMHeaders() { function setLAMHeaders() {
if (!headers_sent()) { if (!headers_sent()) {
header('X-Frame-Options: sameorigin'); header('X-Frame-Options: sameorigin');
header('Content-Security-Policy: frame-ancestors \'self\''); header('Content-Security-Policy: frame-ancestors \'self\'; form-action \'self\'; base-uri \'none\'; object-src \'none\'; frame-src \'self\'; worker-src \'self\'');
header('X-Content-Type-Options: nosniff');
header('X-XSS-Protection: 1; mode=block');
} }
} }