
rev. 32 To add http headers (security headers)

Two sets of headers: common and secure.
Visman 4 年之前
父節點
當前提交
3708d0d318
共有 3 個文件被更改,包括 54 次插入1 次删除
  1. 35 0
      app/Models/Pages/Admin/Update.php
  2. 1 1
      app/bootstrap.php
  3. 18 0
      app/config/main.dist.php

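--- a/app/Models/Pages/Admin/Update.php
+++ b/app/Models/Pages/Admin/Update.php
@@ -1214,6 +1214,41 @@ class Update extends Admin
             $this->c->DB->exec($query);
         }
 
+        return null;
+   }
+
+    /**
+     * rev.31 to rev.32
+     */
+    protected function stageNumber31(array $args): ?int
+    {
+        $coreConfig = new CoreConfig($this->c->DIR_CONFIG . '/' . self::CONFIG_FILE);
+
+        $coreConfig->add(
+            'HTTP_HEADERS',
+            [
+                'common' => [
+                    'X-Content-Type-Options'  => '\'nosniff\'',
+                    'X-Frame-Options'         => '\'DENY\'',
+                    'X-XSS-Protection'        => '\'1; mode=block\'',
+                    'Referrer-Policy'         => '\'origin-when-cross-origin\'',
+                    'Content-Security-Policy' => '\'default-src \\\'self\\\';img-src *;object-src \\\'none\\\';frame-ancestors \\\'none\\\'\'',
+                    'Feature-Policy'          => '\'accelerometer \\\'none\\\';ambient-light-sensor \\\'none\\\';autoplay \\\'none\\\';battery \\\'none\\\';camera \\\'none\\\';document-domain \\\'self\\\';fullscreen \\\'self\\\';geolocation \\\'none\\\';gyroscope \\\'none\\\';magnetometer \\\'none\\\';microphone \\\'none\\\';midi \\\'none\\\';payment \\\'none\\\';picture-in-picture \\\'none\\\';sync-xhr \\\'self\\\';usb \\\'none\\\'\'',
+                ],
+                'secure' => [
+                    'X-Content-Type-Options'  => '\'nosniff\'',
+                    'X-Frame-Options'         => '\'DENY\'',
+                    'X-XSS-Protection'        => '\'1; mode=block\'',
+                    'Referrer-Policy'         => '\'origin-when-cross-origin\'',
+                    'Content-Security-Policy' => '\'default-src \\\'self\\\';object-src \\\'none\\\';frame-ancestors \\\'none\\\'\'',
+                    'Feature-Policy'          => '\'accelerometer \\\'none\\\';ambient-light-sensor \\\'none\\\';autoplay \\\'none\\\';battery \\\'none\\\';camera \\\'none\\\';document-domain \\\'self\\\';fullscreen \\\'self\\\';geolocation \\\'none\\\';gyroscope \\\'none\\\';magnetometer \\\'none\\\';microphone \\\'none\\\';midi \\\'none\\\';payment \\\'none\\\';picture-in-picture \\\'none\\\';sync-xhr \\\'self\\\';usb \\\'none\\\'\'',
+                ],
+            ],
+            'USERNAME_PATTERN'
+        );
+
+        $coreConfig->save();
+
         return null;
    }
 }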
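Review bot: The docblock on `stageNumber31` says only `rev.31 to rev.32`, and nothing in the hunk explains what distinguishes the `common` and `secure` header sets — they are identical except that the common `Content-Security-Policy` adds `img-src *` — or which code picks one over the other, since the consumer of `HTTP_HEADERS` is not part of this commit. Suggested docblock: `/** rev.31 to rev.32: add HTTP_HEADERS to the config; 'common' permits images from any origin (img-src *), 'secure' restricts every source to 'self'. */`. Because the two `Feature-Policy` literals are byte-identical, spelling them out twice is a maintenance hazard: a later tightening applied to only one set would go unnoticed, so a short comment noting that the sets are meant to stay in sync (or deriving `secure` from `common`) would help. Also worth a comment if kept deliberately: `X-XSS-Protection: 1; mode=block` targets browser XSS auditors that have since been retired, and current guidance generally prefers sending `0` once a CSP is in place.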

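--- a/app/bootstrap.php
+++ b/app/bootstrap.php
@@ -50,7 +50,7 @@ if (
 }
 $c->PUBLIC_URL = $c->BASE_URL . $forkPublicPrefix;
 
-$c->FORK_REVISION = 31;
+$c->FORK_REVISION = 32;
 $c->START         = $forkStart;
 $c->DIR_APP       = __DIR__;
 $c->DIR_PUBLIC    = $forkPublic;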

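--- a/app/config/main.dist.php
+++ b/app/config/main.dist.php
@@ -53,6 +53,24 @@ return [
     'MAX_EMAIL_LENGTH' => 80,
     'FLOOD_INTERVAL'   => 3600,
     'USERNAME_PATTERN' => '%^(?=.{2,25}$)\p{L}[\p{L}\p{N}\x20\._-]+$%uD',
+    'HTTP_HEADERS'     => [
+        'common' => [
+            'X-Content-Type-Options'  => 'nosniff',
+            'X-Frame-Options'         => 'DENY',
+            'X-XSS-Protection'        => '1; mode=block',
+            'Referrer-Policy'         => 'origin-when-cross-origin',
+            'Content-Security-Policy' => 'default-src \self\';img-src *;object-src \'none\';frame-ancestors \'none\'',
+            'Feature-Policy'          => 'accelerometer \'none\';ambient-light-sensor \'none\';autoplay \'none\';battery \'none\';camera \'none\';document-domain \'self\';fullscreen \'self\';geolocation \'none\';gyroscope \'none\';magnetometer \'none\';microphone \'none\';midi \'none\';payment \'none\';picture-in-picture \'none\';sync-xhr \'self\';usb \'none\'',
+        ],
+        'secure' => [
+            'X-Content-Type-Options'  => 'nosniff',
+            'X-Frame-Options'         => 'DENY',
+            'X-XSS-Protection'        => '1; mode=block',
+            'Referrer-Policy'         => 'origin-when-cross-origin',
+            'Content-Security-Policy' => 'default-src \self\';object-src \'none\';frame-ancestors \'none\'',
+            'Feature-Policy'          => 'accelerometer \'none\';ambient-light-sensor \'none\';autoplay \'none\';battery \'none\';camera \'none\';document-domain \'self\';fullscreen \'self\';geolocation \'none\';gyroscope \'none\';magnetometer \'none\';microphone \'none\';midi \'none\';payment \'none\';picture-in-picture \'none\';sync-xhr \'self\';usb \'none\'',
+        ],
+    ],
 
     'shared' => [
         'DB' => [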
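Review bot: Both `Content-Security-Policy` values in this hunk are mis-escaped: in a single-quoted PHP string `\s` is a literal backslash followed by `s`, so `default-src \self\'` emits `default-src \self'` instead of `default-src 'self'` — the header never contains the `'self'` keyword, and browsers will treat `\self'` as an invalid source expression, which likely leaves `default-src` with no permitted origin and blocks the site's own scripts and styles on a fresh install. The migration in `app/Models/Pages/Admin/Update.php` writes the value correctly, so freshly installed and upgraded forums would ship different policies. The two lines should read `'Content-Security-Policy' => 'default-src \'self\';img-src *;object-src \'none\';frame-ancestors \'none\'',` for `common` and `'Content-Security-Policy' => 'default-src \'self\';object-src \'none\';frame-ancestors \'none\'',` for `secure`.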