Changeset 3276:78fe7ff87661 for inc

Timestamp:

07/20/16 09:39:16 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

First step of CSP integration, admin only up to now ; addresses #1867

File:

inc/admin/lib.dc.page.php

-                      r3262
+                      r3276
                self::setXFrameOptions();
+          }
+          # Content-Security-Policy (report only up to now)
+          header(
+               "Content-Security-Policy: ".
+                    "default-src 'self' ; ".
+                    "script-src 'self' 'unsafe-inline' 'unsafe-eval' ; ".
+                    "style-src 'self' 'unsafe-inline' ; ".
+                    "img-src 'self' data:".
+                    (version_compare(phpversion(),'5.4','>=') ? " ; report-uri ".DC_ADMIN_URL."csp_report.php" : '')
+               );
           echo
           '<!DOCTYPE html>'.

Note: See TracChangeset for help on using the changeset viewer.