|
|
|
|
@ -413,7 +413,10 @@ $_configuration['agenda_legend'] = [ |
|
|
|
|
// Content Security Policy is an effective measure to protect your site from |
|
|
|
|
// XSS attacks. By whitelisting sources of approved content, you can prevent |
|
|
|
|
// the browser from loading malicious assets. |
|
|
|
|
//$_configuration['security_content_policy'] = ''; |
|
|
|
|
// The provided default is an *example*, please customize. |
|
|
|
|
// This setting is particularly complicated to set with CKeditor |
|
|
|
|
//$_configuration['security_content_policy'] = 'default-src \'self\'; script-src *://*.google.com:*'; |
|
|
|
|
//$_configuration['security_content_policy_report_only'] = 'default-src \'self\'; script-src *://*.google.com:*'; |
|
|
|
|
// |
|
|
|
|
// HTTP Public Key Pinning protects your site from MiTM attacks using rogue |
|
|
|
|
// X.509 certificates. By whitelisting only the identities that the browser |
|
|
|
|
@ -439,7 +442,7 @@ $_configuration['agenda_legend'] = [ |
|
|
|
|
//$_configuration['security_x_content_type_options'] = 'X-Content-Type-Options: nosniff'; |
|
|
|
|
// |
|
|
|
|
// Referrer Policy is a new header that allows a site to control how much |
|
|
|
|
// information the browser includes with navigations away from a document |
|
|
|
|
// information the browser includes with navigation away from a document |
|
|
|
|
// and should be set by all sites. |
|
|
|
|
//$_configuration['security_referrer_policy'] = ''; |
|
|
|
|
//$_configuration['security_referrer_policy'] = 'origin-when-cross-origin'; |
|
|
|
|
// HTTP headers security section ends here |
Angel Fernando Quiroz Campos
9 years ago