arno
/
privatebin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adding HTTP headers to address certain XSS attacks, resolves #91

Browse Source
pull/113/head
El RIDO 8 years ago
parent ec7af3a738
commit 8cfcf1c9f5
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File

5
lib/PrivateBin.php
Unescape View File

@ -403,12 +403,15 @@ class PrivateBin
{
// set headers to disable caching
$time = gmdate('D, d M Y H:i:s \G\M\T');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: no-store, no-cache, no-transform, must-revalidate');
header('Pragma: no-cache');
header('Expires: ' . $time);
header('Last-Modified: ' . $time);
header('Vary: Accept');
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
header('X-Xss-Protection: 1; mode=block');
header('X-Frame-Options: DENY');
header('X-Content-Type-Options: nosniff');
// label all the expiration options
$expire = array();

Write Preview
Loading…
Cancel
Save