open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add CSP header

Browse Source
remotes/origin/stable5
Lukas Reschke 13 years ago
parent 8daefd00fb
commit c82d6e5153
1 changed files with 5 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      lib/template.php

9
lib/template.php
Unescape View File

@ -186,10 +186,11 @@ class OC_Template{
$this->l10n = OC_L10N::get($parts[0]);
// Some headers to enhance security
header('X-Frame-Options: Sameorigin');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
header('Content-Security-Policy: script-src \'self\' \'unsafe-inline\'; object-src \'self\''); // Disallow external JS/Flash + eval()
$this->findTemplate($name);
}

Write Preview
Loading…
Cancel
Save