mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-12-24 06:49:29 -05:00
Prevent referrer to be send
Uses both CSP and Referrer-Policy Fixes #96
This commit is contained in:
parent
b7184b92a3
commit
1a159c973f
@ -1,5 +1,5 @@
|
|||||||
; config file for PrivateBin
|
; config file for PrivateBin
|
||||||
;
|
;
|
||||||
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
|
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
|
||||||
|
|
||||||
[main]
|
[main]
|
||||||
@ -60,7 +60,7 @@ languageselection = false
|
|||||||
; custom scripts from third-party domains to your templates, e.g. tracking
|
; custom scripts from third-party domains to your templates, e.g. tracking
|
||||||
; scripts or run your site behind certain DDoS-protection services.
|
; scripts or run your site behind certain DDoS-protection services.
|
||||||
; Check the documentation at https://content-security-policy.com/
|
; Check the documentation at https://content-security-policy.com/
|
||||||
cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:;"
|
cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
|
||||||
|
|
||||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||||
|
@ -51,7 +51,7 @@ class Configuration
|
|||||||
'languagedefault' => '',
|
'languagedefault' => '',
|
||||||
'urlshortener' => '',
|
'urlshortener' => '',
|
||||||
'icon' => 'identicon',
|
'icon' => 'identicon',
|
||||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:;',
|
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer;',
|
||||||
'zerobincompatibility' => false,
|
'zerobincompatibility' => false,
|
||||||
),
|
),
|
||||||
'expire' => array(
|
'expire' => array(
|
||||||
|
17
test.php
Executable file
17
test.php
Executable file
@ -0,0 +1,17 @@
|
|||||||
|
<?php
|
||||||
|
$RandomCompat_basedir = ini_get('open_basedir');
|
||||||
|
if (!empty($RandomCompat_basedir)) {
|
||||||
|
$RandomCompat_open_basedir = explode(
|
||||||
|
PATH_SEPARATOR,
|
||||||
|
strtolower($RandomCompat_basedir)
|
||||||
|
);
|
||||||
|
$RandomCompatUrandom = (array() !== array_intersect(
|
||||||
|
array('/dev', '/dev/', '/dev/urandom'),
|
||||||
|
$RandomCompat_open_basedir
|
||||||
|
));
|
||||||
|
$RandomCompat_open_basedir = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
var_dump($RandomCompat_basedir);
|
||||||
|
var_dump($RandomCompat_open_basedir);
|
||||||
|
?>
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
<meta name="robots" content="noindex" />
|
<meta name="robots" content="noindex" />
|
||||||
|
<meta name="referrer" content="no-referrer">
|
||||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||||
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
<meta name="robots" content="noindex" />
|
<meta name="robots" content="noindex" />
|
||||||
|
<meta name="referrer" content="no-referrer">
|
||||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/darkstrap-0.9.3.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/darkstrap-0.9.3.css" />
|
||||||
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
<meta name="robots" content="noindex" />
|
<meta name="robots" content="noindex" />
|
||||||
|
<meta name="referrer" content="no-referrer">
|
||||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/darkstrap-0.9.3.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/darkstrap-0.9.3.css" />
|
||||||
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
<meta name="robots" content="noindex" />
|
<meta name="robots" content="noindex" />
|
||||||
|
<meta name="referrer" content="no-referrer">
|
||||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||||
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||||
<meta name="robots" content="noindex" />
|
<meta name="robots" content="noindex" />
|
||||||
|
<meta name="referrer" content="no-referrer">
|
||||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
||||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||||
|
@ -5,6 +5,7 @@ use PrivateBin\I18n;
|
|||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8" />
|
<meta charset="utf-8" />
|
||||||
<meta name="robots" content="noindex" />
|
<meta name="robots" content="noindex" />
|
||||||
|
<meta name="referrer" content="no-referrer">
|
||||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||||
<link type="text/css" rel="stylesheet" href="css/privatebin.css?<?php echo rawurlencode($VERSION); ?>" />
|
<link type="text/css" rel="stylesheet" href="css/privatebin.css?<?php echo rawurlencode($VERSION); ?>" />
|
||||||
<?php
|
<?php
|
||||||
|
Loading…
Reference in New Issue
Block a user