kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-15 16:57:09 +00:00
Code Issues Projects Releases Wiki Activity

Expand secure headers.

Browse Source
This commit is contained in:
James Cole
2018-08-25 10:49:52 +02:00
parent 2834aca597
commit 5de01628a6
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
app/Http/Middleware/SecureHeaders.php
View File

@@ -60,8 +60,28 @@ class SecureHeaders
"img-src 'self'",
];
$featurePolicies = [
"geolocation 'none'",
"midi 'none'",
"notifications 'none'",
"push 'self'",
"sync-xhr 'self'",
"microphone 'none'",
"camera 'none'",
"magnetometer 'none'",
"gyroscope 'none'",
"speaker 'none'",
"vibrate 'none'",
"fullscreen 'self'",
"payment 'none'",
];
$response->header('X-Frame-Options', 'deny');
$response->header('Content-Security-Policy', implode('; ', $csp));
$response->header('X-XSS-Protection', '1; mode=block');
$response->header('X-Content-Type-Options', 'nosniff');
$response->header('Referrer-Policy', 'no-referrer');
$response->header('Feature-Policy', implode('; ', $featurePolicies));
return $response;
}