Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
mahara
mahara
Commits
5eb7de72
Commit
5eb7de72
authored
Mar 22, 2016
by
Robert Lyon
Committed by
Gerrit Code Review
Mar 22, 2016
Browse files
Merge "Adding some HTTP headers for security (Bug 1531987)"
parents
e82c0fcb
29656f03
Changes
1
Hide whitespace changes
Inline
Side-by-side
htdocs/init.php
View file @
5eb7de72
...
...
@@ -331,8 +331,14 @@ if (!defined('CLI')) {
header
(
'Expires: '
.
gmdate
(
'D, d M Y H:i:s'
,
507686400
)
.
' GMT'
);
header
(
'Pragma: no-cache'
);
//
Prevent clickjacking through iframe tag
s
//
Security headers. See https://www.owasp.org/index.php/List_of_useful_HTTP_header
s
header
(
'X-Frame-Options: SAMEORIGIN'
);
header
(
'X-XSS-Protection: 1; mode=block'
);
header
(
'X-Content-Type-Options: nosniff'
);
header
(
'X-Permitted-Cross-Domain-Policies: master-only'
);
// Don't print precise PHP version as an HTTP header
header_remove
(
'x-powered-by'
);
}
// Only do authentication once we know the page theme, so that the login form
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment