Improve Content-Security-Policy header
This commit is contained in:
parent
5b4bbaa2d1
commit
a1f1ba8971
@ -36,7 +36,7 @@ Router\before(function($action) {
|
|||||||
Response\csp(array(
|
Response\csp(array(
|
||||||
'media-src' => '*',
|
'media-src' => '*',
|
||||||
'img-src' => '*',
|
'img-src' => '*',
|
||||||
'frame-src' => implode(' ', \PicoFeed\Filter::$iframe_whitelist)
|
'frame-src' => \PicoFeed\Filter::$iframe_whitelist
|
||||||
));
|
));
|
||||||
|
|
||||||
Response\xframe();
|
Response\xframe();
|
||||||
|
22
vendor/PicoFarad/Response.php
22
vendor/PicoFarad/Response.php
@ -99,18 +99,30 @@ function binary($data, $status_code = 200)
|
|||||||
function csp(array $policies = array())
|
function csp(array $policies = array())
|
||||||
{
|
{
|
||||||
$policies['default-src'] = "'self'";
|
$policies['default-src'] = "'self'";
|
||||||
|
$values = '';
|
||||||
|
|
||||||
foreach (array('X-WebKit-CSP', 'X-Content-Security-Policy', 'Content-Security-Policy') as $header) {
|
foreach ($policies as $policy => $hosts) {
|
||||||
|
|
||||||
$values = '';
|
if (is_array($hosts)) {
|
||||||
|
|
||||||
foreach ($policies as $policy => $hosts) {
|
$acl = '';
|
||||||
|
|
||||||
$values .= $policy.' '.$hosts.'; ';
|
foreach ($hosts as &$host) {
|
||||||
|
|
||||||
|
if ($host === '*' || $host === 'self' || strpos($host, 'http') === 0) {
|
||||||
|
$acl .= $host.' ';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
|
||||||
|
$acl = $hosts;
|
||||||
}
|
}
|
||||||
|
|
||||||
header($header.': '.$values);
|
$values .= $policy.' '.trim($acl).'; ';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
header('Content-Security-Policy: '.$values);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
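Review bot: The host filter in the new inner loop accepts `'self'` as a bare string and emits it unquoted, while the same function writes `default-src 'self'` with the quotes the CSP grammar requires; an unquoted `self` token is parsed by browsers as a hostname, so a whitelist entry written that way silently produces a directive that matches nothing. The `strpos($host, 'http') === 0` test is also only a prefix check: it admits values such as `httpx` and does not reject embedded whitespace or `;`, which would splice extra directives into the header if a whitelist entry were ever malformed (the caller in the first hunk now passes `\PicoFeed\Filter::$iframe_whitelist` straight through, so any scheme-less entries there are presumably dropped without notice). I would tighten the condition to `if ($host === '*' || $host === "'self'" || preg_match('#^https?://[^\s;,]+$#', $host) === 1) {` and drop the by-reference `&$host` in the `foreach`, which is not needed and leaves a dangling reference after the loop.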