introducing CSP header to mitigate XSS attacks, closes #10

2016-08-09 14:46:32 +02:00
parent a28aebae7d
commit addb666a23
11 changed files with 75 additions and 18 deletions
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -51,6 +51,7 @@ class Configuration
            'languagedefault' => '',
            'urlshortener' => '',
            'vizhash' => true,
+            'cspheader' => 'default-src \'none\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\';',
            'zerobincompatibility' => false,
        ),
        'expire' => array(