mirror of
https://github.com/the-djmaze/snappymail.git
synced 2024-12-25 08:32:57 +08:00
Set X-Frame-Options: DENY
when frame_ancestors is empty
parent
66fafd3981
commit
145c11d58e
2 changed files with 7 additions and 3 deletions
|
@ -26,7 +26,6 @@
|
|||
# Header set Strict-Transport-Security "max-age=31536000"
|
||||
Header set imagetoolbar "no"
|
||||
# Header set X-Content-Type-Options "nosniff"
|
||||
# Header set X-Frame-Options "DENY"
|
||||
# Header set X-XSS-Protection "1; mode=block"
|
||||
Header set Service-Worker-Allowed "/"
|
||||
|
||||
|
|
|
@ -29,8 +29,8 @@ class CSP
|
|||
{
|
||||
if ($default) {
|
||||
foreach (\explode(';', $default) as $directive) {
|
||||
$values = \explode(' ', $directive);
|
||||
$name = \str_replace('-', '_', \preg_replace('/-(src)$/D', '', \trim(\array_shift($values))));
|
||||
$values = \preg_split('/\\s+/', $directive);
|
||||
$name = \str_replace('-', '_', \preg_replace('/-(src|uri)$/D', '', \trim(\array_shift($values))));
|
||||
$this->$name = \array_unique(\array_merge($this->$name, $values));
|
||||
}
|
||||
}
|
||||
|
@ -73,6 +73,11 @@ class CSP
|
|||
} else {
|
||||
\header('Content-Security-Policy: ' . $this);
|
||||
}
|
||||
if (!$this->frame_ancestors) {
|
||||
\header('X-Frame-Options: DENY');
|
||||
} else {
|
||||
// \header('X-Frame-Options: SAMEORIGIN');
|
||||
}
|
||||
}
|
||||
|
||||
public static function logReport() : void
|
||||
|
|
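Review bot: The empty `else` branch in the last hunk sends no X-Frame-Options header when `frame_ancestors` is non-empty, so framing protection then depends entirely on the CSP `frame-ancestors` directive being enforced. The `if` that pairs with the `} else {` above the new code starts outside the hunk; if that branch delivers the policy as `Content-Security-Policy-Report-Only` (not visible here, please confirm), `frame-ancestors` is only reported and the page can be framed by any origin. I would emit X-Frame-Options in the report-only case as well, for example `\header('X-Frame-Options: SAMEORIGIN');` when the only configured source is `'self'`. I would also replace the commented-out call with a comment that states the intent, such as `// enforced CSP frame-ancestors governs framing here; X-Frame-Options cannot express an allow-list`. When `frame_ancestors` is empty, adding `frame-ancestors 'none'` to the policy string would keep the CSP and the new `DENY` header in agreement.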