Infra-Mirrors/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-07-22 06:28:46 -04:00
Code Issues Projects Releases Packages Wiki Activity

moved referrer policy from CSP & meta to proper HTTP header to avoid browser console error message about unknown CSP header and to ensure it always applies before HTML is parsed, fixes #196

Browse source
This commit is contained in:
El RIDO 2019-06-27 20:31:10 +02:00
parent 67b9b5f0d8
commit 11375a4f59
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
5 changed files with 3 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/Controller.php
View file

@ -343,6 +343,7 @@ class Controller
header('Last-Modified: ' . $time);
header('Vary: Accept');
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
header('Referrer-Policy: no-referrer');
header('X-Xss-Protection: 1; mode=block');
header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff');