Changeset 3622:d7c2089bb952 for inc/admin/lib.dc.page.php
- Timestamp:
- 12/19/17 06:50:17 (8 years ago)
- Branch:
- default
- Parents:
- 3621:e1a3f3cf4930 (diff), 3611:e8ccb1c08e9f (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent. - Files:
-
- 2 edited
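--- a/inc/admin/lib.dc.page.php
+++ b/inc/admin/lib.dc.page.php
@@ -94,4 +94,7 @@
 # Content-Type
 $headers['content-type'] = 'Content-Type: text/html; charset=UTF-8';
+
+# Referrer Policy for admin pages
+$headers['referrer'] = 'Referrer-Policy: strict-origin';
 
 # Prevents Clickjacking as far as possible
@@ -352,7 +355,9 @@
 
 if (!$GLOBALS['__resources']['ctxhelp']) {
-echo
-'<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'.
-__('Global help').'">'.__('Global help').'</a></p>';
+if (!$core->auth->user_prefs->interface->hidehelpbutton) {
+echo
+'<p id="help-button"><a href="'.$core->adminurl->get("admin.help").'" class="outgoing" title="'.
+__('Global help').'">'.__('Global help').'</a></p>';
+}
 }
 
@@ -419,5 +424,8 @@
 header('Content-Type: text/html; charset=UTF-8');
 
-// Prevents Clickjacking as far as possible
+# Referrer Policy for admin pages
+header('Referrer-Policy: strict-origin');
+
+# Prevents Clickjacking as far as possible
 header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
 
@@ -596,6 +604,10 @@
 {
 global $core;
+
+if ($core->auth->user_prefs->interface->hidehelpbutton) {
+return;
+}
+
 $args = func_get_args();
-
 $args = new ArrayObject($args);
 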
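Review bot: `Referrer-Policy: strict-origin` (new lines 98 and 427) still sends the admin origin to every external site an admin page links to or loads from, and it also trims same-origin requests down to the origin, which could affect any admin code that reads the full Referer. If the aim is to keep the admin location private, `same-origin` does that while keeping full referrers inside the admin: `$headers['referrer'] = 'Referrer-Policy: same-origin';` and `header('Referrer-Policy: same-origin');`. The value is written out twice, so a shared constant would keep the two code paths from drifting. Both enclosing functions start and end outside the hunks shown.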
inc/admin/lib.dc.page.php
r3619 r3622 122 122 $csp_prefix."'self' 'unsafe-inline'".$csp_suffix; 123 123 $csp['img-src'] = $core->blog->settings->system->csp_admin_img ?: 124 $csp_prefix."'self' data: media.dotaddict.org blob:";124 $csp_prefix."'self' data: http://media.dotaddict.org blob:"; 125 125 126 126 # Cope with blog post preview (via public URL in iframe)
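Review bot: Pinning the `img-src` host to `http://` (line 124) means the CSP allows an HTTPS-served admin page to fetch images from media.dotaddict.org in cleartext, where a network attacker can observe or swap them; the scheme-less form would have followed the page's own scheme. This assumes the `http://media.dotaddict.org` line is the new side, since the +/- markers did not survive on this page. If the host serves TLS, `$csp_prefix."'self' data: https://media.dotaddict.org blob:";` is the safer default. The assignment starts at line 123 and its enclosing function is outside the hunk.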