Improve Content-Security-Policy header

This commit is contained in:
Frederic Guillot 2013-08-05 19:21:37 -04:00
parent 5b4bbaa2d1
commit a1f1ba8971
2 changed files with 18 additions and 6 deletions


@ -36,7 +36,7 @@ Router\before(function($action) {
Response\csp(array( Response\csp(array(
'media-src' => '*', 'media-src' => '*',
'img-src' => '*', 'img-src' => '*',
'frame-src' => implode(' ', \PicoFeed\Filter::$iframe_whitelist) 'frame-src' => \PicoFeed\Filter::$iframe_whitelist
)); ));
Response\xframe(); Response\xframe();


@ -99,18 +99,30 @@ function binary($data, $status_code = 200)
function csp(array $policies = array()) function csp(array $policies = array())
{ {
$policies['default-src'] = "'self'"; $policies['default-src'] = "'self'";
$values = '';
foreach (array('X-WebKit-CSP', 'X-Content-Security-Policy', 'Content-Security-Policy') as $header) { foreach ($policies as $policy => $hosts) {
$values = ''; if (is_array($hosts)) {
foreach ($policies as $policy => $hosts) { $acl = '';
$values .= $policy.' '.$hosts.'; '; foreach ($hosts as &$host) {
if ($host === '*' || $host === 'self' || strpos($host, 'http') === 0) {
$acl .= $host.' ';
}
}
}
else {
$acl = $hosts;
} }
header($header.': '.$values); $values .= $policy.' '.trim($acl).'; ';
} }
header('Content-Security-Policy: '.$values);
} }
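Review bot: The keyword check in the inner loop accepts a bare `self`, but the CSP grammar only recognises the quoted token — an unquoted `self` is parsed as a hostname, so a whitelist entry written that way would silently fail to allow same-origin frames, while the `default-src` line at the top of the function correctly uses `"'self'"`. Comparing against the quoted form, `if ($host === '*' || $host === "'self'" || strpos($host, 'http') === 0) {`, keeps the two consistent. The by-reference `foreach ($hosts as &$host)` gains nothing since `$host` is only read, and a reference left bound after the loop is the classic PHP dangling-reference trap; iterate by value instead. Note also that the filter only inspects how an entry begins, so a whitelist value containing whitespace or `;` would still be written into the header verbatim and could extend the policy — acceptable if `\PicoFeed\Filter::$iframe_whitelist` stays a static developer-controlled list, but csp() has no docblock, and one stating that `$policies` values are trusted and must not contain `;` would make the assumption explicit.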