Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-03 07:13:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Only if no headers sent, set the 3 headers

Browse Source
This commit is contained in:
Matt Pass
2014-09-26 11:59:03 +01:00
parent 2409bc19c2
commit cc5cd166be
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/headers.php
View File

@@ -25,9 +25,11 @@ if (($_GET || $_POST) && (!isset($_REQUEST["csrf"]) || $_REQUEST["csrf"] !== $_S
POST: ".xssClean(var_export($_POST, true),"html"));
}
// Set our security related headers
header("X-Frame-Options: SAMEORIGIN"); // Only frames of same origin
header("X-XSS-Protection: 1; mode=block"); // Turn on IE8-9 XSS prevention tools
// header("X-Content-Security-Policy: allow 'self'"); // Only allows JS on same domain & not inline to run
header("X-Content-Type-Options: nosniff"); // Prevent MIME based attacks
if (!headers_sent()) {
// Set our security related headers
header("X-Frame-Options: SAMEORIGIN"); // Only frames of same origin
header("X-XSS-Protection: 1; mode=block"); // Turn on IE8-9 XSS prevention tools
// header("X-Content-Security-Policy: allow 'self'"); // Only allows JS on same domain & not inline to run
header("X-Content-Type-Options: nosniff"); // Prevent MIME based attacks
}
?>