author | nachoparker <nacho@ownyourbits.com> | 2019-03-09 12:31:17 +0300 |
committer | nachoparker <nacho@ownyourbits.com> | 2019-03-09 12:31:40 +0300 |
commit | f5ba0b10ee6cb01183823339dd2443051ef0dcb9 (patch) | |
tree | 54d5690ba1ce522787d635b57702a1d705950e5b | |
parent | 1a46667df5a0886cf8c06c5b47968dc5c2fe6e63 (diff) |
wizard: fix headers v1.9.3
-rw-r--r-- | changelog.md | 4 | ||||
-rw-r--r-- | ncp-web/wizard/index.php | 42 |
2 files changed, 29 insertions, 17 deletions
diff --git a/changelog.md b/changelog.md
index a69183fc..be47dea0 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,7 @@
-[v1.9.2](https://github.com/nextcloud/nextcloudpi/commit/8e97067) (2019-03-08) cleanup update.sh
+[v1.9.3](https://github.com/nextcloud/nextcloudpi/commit/94bdbc3) (2019-03-09) wizard: fix headers
+
+[v1.9.2](https://github.com/nextcloud/nextcloudpi/commit/1a46667) (2019-03-08) cleanup update.sh
 [v1.9.1 ](https://github.com/nextcloud/nextcloudpi/commit/060f004) (2019-03-03) fix LE cron
diff --git a/ncp-web/wizard/index.php b/ncp-web/wizard/index.php
index 930dad1b..4cc6ba6e 100644
--- a/ncp-web/wizard/index.php
+++ b/ncp-web/wizard/index.php
@@ -1,3 +1,29 @@
+<?php
+/*
+ NextCloudPi Wizard
+
+ Copyleft 2017 by Pantelis Sarantos and Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+ GPL licensed (see end of file) * Use at your own risk!
+
+ More at https://nextcloudpi.com
+
+**/
+
+ ini_set('session.cookie_httponly', 1);
+ if ( isset($_SERVER['HTTPS']) )
+ ini_set('session.cookie_secure', 1);
+
+ session_start();
+
+ // security headers
+ header("Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; object-src 'self';");
+ header("X-XSS-Protection: 1; mode=block");
+ header("X-Content-Type-Options: nosniff");
+ header("X-Robots-Tag: none");
+ header("X-Permitted-Cross-Domain-Policies: none");
+ header("X-Frame-Options: DENY");
+ header("Cache-Control: max-age=15778463");
+?>
 <!DOCTYPE html>
 <html>
 <head>
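Review bot: `if ( isset($_SERVER['HTTPS']) )` in the new top-of-file block turns on `session.cookie_secure` whenever the variable exists at all, so on a server that populates it as `off` for plain-HTTP requests the session cookie is marked Secure, the browser will not return it, and each request likely starts a fresh session; the usual form is `if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')`. Conversely, behind a TLS-terminating proxy the variable is typically absent, so the cookie goes out without the Secure flag — a one-line comment stating which deployment this check assumes would help the next reader. A second point in the same hunk: `header("Cache-Control: max-age=15778463")` replaces the no-cache Cache-Control that `session_start()` emits by default (header() overwrites an existing header unless told otherwise), so a response that also sets the session cookie is advertised as cacheable for roughly six months; if this page is meant to be per-session, `Cache-Control: private, no-store` or dropping the line is the safer choice. The removed copy of the same block in the following hunk is just the old in-`<head>` position and needs no separate change.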
@@ -7,22 +33,6 @@
 <!-- Bootstrap -->
 <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
 <link href="CSS/wizard.css" rel="stylesheet">
- <?php
- session_start();
-
- ini_set('session.cookie_httponly', 1);
- if ( isset($_SERVER['HTTPS']) )
- ini_set('session.cookie_secure', 1);
-
- // security headers
- header("Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; object-src 'self';");
- header("X-XSS-Protection: 1; mode=block");
- header("X-Content-Type-Options: nosniff");
- header("X-Robots-Tag: none");
- header("X-Permitted-Cross-Domain-Policies: none");
- header("X-Frame-Options: DENY");
- header("Cache-Control: max-age=15778463");
- ?>
 <link rel="icon" type="image/png" href="../img/favicon.png" />
 </head>
 <body>