sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add CSP header

remotes/origin/stable5
Lukas Reschke 2013-01-20 12:06:33 +07:00
parent 8daefd00fb
commit c82d6e5153
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
lib/template.php
Unescape Escape View File

@ -186,10 +186,11 @@ class OC_Template{
$this->l10n = OC_L10N::get($parts[0]);
// Some headers to enhance security
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
header('Content-Security-Policy: script-src \'self\' \'unsafe-inline\'; object-src \'self\''); // Disallow external JS/Flash + eval()
$this->findTemplate($name);
}