Commit e607b5b6 authored by Côme Chilliet's avatar Côme Chilliet

Merge branch '5842-security-missing-security-headers' into '1.3-dev'

Resolve "Security: Missing Security Headers"

See merge request fusiondirectory/fd!281

(cherry picked from commit b7e0a451)

f215a8ce :sparkles: feat(core) Add security HTTP headers
Showing with 13 additions and 5 deletions
+13 -5
......@@ -24,7 +24,11 @@ require_once ("../include/php_setup.inc");
require_once ("functions.inc");
require_once ("variables.inc");
require_once ("class_logging.inc");
header("Content-type: text/html; charset=UTF-8");
/* Set headers */
header('Content-type: text/html; charset=UTF-8');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
/* Display the login page and exit() */
function displayLogin()
......
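Review bot: `header('X-XSS-Protection: 1; mode=block');` switches on the legacy browser XSS auditor, which current Chrome and Edge have removed and Firefox never shipped, so on most clients this line adds no protection; in the older browsers that still honour it, the auditor itself has been a source of filter-abuse issues. Current hardening guidance (e.g. OWASP Secure Headers) is to send `header('X-XSS-Protection: 0');` or drop the header, and to rely on output escaping plus a Content-Security-Policy for script-injection defence. The same line is added in the other two file sections on this page. `X-Content-Type-Options: nosniff` is fine as written. Whether a Content-Security-Policy is already set elsewhere (web server configuration or an include) is not visible from these hunks.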
......@@ -27,8 +27,10 @@ require_once ("../include/php_setup.inc");
require_once ("functions.inc");
require_once ("variables.inc");
/* Set header */
header("Content-type: text/html; charset=UTF-8");
/* Set headers */
header('Content-type: text/html; charset=UTF-8');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
/* Set the text domain as 'fusiondirectory' */
$domain = 'fusiondirectory';
......
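Review bot: The same three `header()` calls are now copy-pasted into three entry scripts, so any later change to the header set (a framing restriction such as `X-Frame-Options`, a Content-Security-Policy, a corrected value) has to be made in three places and can silently drift between pages. Consider moving them into one small function in an include that all three scripts already load, and calling it where the `/* Set headers */` block is now. Only part of each script is visible here, so which include is common to all three needs checking; the hunk headers show `../include/php_setup.inc` for the first two sections only.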
......@@ -35,8 +35,10 @@ require_once("../setup/class_setupStepMigrate.inc");
require_once("../setup/class_setupStepFinish.inc");
/* Set header */
header("Content-type: text/html; charset=UTF-8");
/* Set headers */
header('Content-type: text/html; charset=UTF-8');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
/* Set cookie lifetime to one day (The parameter is in seconds ) */
session_set_cookie_params(24 * 60 * 60);
......
  • bmortier @bmortier

    mentioned in commit 41dfbba5

    By Côme Chilliet on 2020-06-11T14:30:46 (imported from GitLab)

    ·

    mentioned in commit 41dfbba5

    By Côme Chilliet on 2020-06-11T14:30:46 (imported from GitLab)

  • bmortier @bmortier

    mentioned in merge request !783

    By bmortier on 2020-06-11T14:31:01 (imported from GitLab)

    ·

    mentioned in merge request !783

    By bmortier on 2020-06-11T14:31:01 (imported from GitLab)
