george/PrivateBin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

introducing CSP header to mitigate XSS attacks, closes #10

Browse Source
This commit is contained in:
El RIDO
2016-08-09 14:46:32 +02:00
parent a28aebae7d
commit addb666a23
11 changed files with 75 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/PrivateBin.php
View File

@@ -402,6 +402,7 @@ class PrivateBin
header('Expires: ' . $time);
header('Last-Modified: ' . $time);
header('Vary: Accept');
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
// label all the expiration options
$expire = array();