nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[core] Include Content Security Policy HTTP headers.

Browse Source 
See <https://wiki.mozilla.org/Security/CSP/Specification> for more
details. I hope current rule is flexible enough to avoid impact on
existing functionality.
This commit is contained in:
Michal Čihař
2010-04-25 16:51:53 +02:00
parent ec263b9170
commit 2154120e3a
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -80,6 +80,7 @@ $Id$
+ rfe #2983207, patch #2988715 [interface] Use jQuery calendar dialog, thanks + rfe #2983207, patch #2988715 [interface] Use jQuery calendar dialog, thanks
to Muhammad Adnan. to Muhammad Adnan.
+ [doc] Incorporate synchronisation docs into main document. + [doc] Incorporate synchronisation docs into main document.
+ [core] Include Content Security Policy HTTP headers.
3.3.3.0 (not yet released) 3.3.3.0 (not yet released)
- patch #2982480 [navi] Do not group if there would be one table in group, - patch #2982480 [navi] Do not group if there would be one table in group,

1
libraries/header_http.inc.php
View File

@@ -23,6 +23,7 @@ $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
/* Prevent against ClickJacking by allowing frames only from same origin */ /* Prevent against ClickJacking by allowing frames only from same origin */
if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) { if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
header('X-Frame-Options: SAMEORIGIN'); header('X-Frame-Options: SAMEORIGIN');
header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'');
} }
header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21 header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21
header('Last-Modified: ' . $GLOBALS['now']); header('Last-Modified: ' . $GLOBALS['now']);