Diffstat (limited to 'ncp-web/wizard/index.php')
-rw-r--r-- | ncp-web/wizard/index.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ncp-web/wizard/index.php b/ncp-web/wizard/index.php
index e7471e4e..930dad1b 100644
--- a/ncp-web/wizard/index.php
+++ b/ncp-web/wizard/index.php
@@ -10,6 +10,10 @@
 <?php
 session_start();
+ ini_set('session.cookie_httponly', 1);
+ if ( isset($_SERVER['HTTPS']) )
+ ini_set('session.cookie_secure', 1);
+
 // security headers
 header("Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; object-src 'self';");
 header("X-XSS-Protection: 1; mode=block");
@@ -18,9 +22,6 @@
 header("X-Permitted-Cross-Domain-Policies: none");
 header("X-Frame-Options: DENY");
 header("Cache-Control: max-age=15778463");
- ini_set('session.cookie_httponly', 1);
- if ( isset($_SERVER['HTTPS']) )
- ini_set('session.cookie_secure', 1);
 ?>
 <link rel="icon" type="image/png" href="../img/favicon.png" />
 </head> |
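Review bot: In the first hunk, the relocated `ini_set('session.cookie_httponly', 1)` and `ini_set('session.cookie_secure', 1)` calls still run after `session_start()`, which is the context line directly above them, so they cannot change the flags on the cookie issued for this session. The session cookie parameters are read when the session starts, and PHP 7.2 and later refuse session ini changes while a session is active and emit a warning instead. Moving the calls above the `header()` lines therefore does not make the wizard's session cookie HttpOnly or Secure unless those values are already set in php.ini. Set them before the session starts, either by moving the three lines above `session_start();` or, on PHP 7.0 and later, with `session_start(['cookie_httponly' => true, 'cookie_secure' => isset($_SERVER['HTTPS'])]);`. Separately, `isset($_SERVER['HTTPS'])` will probably be false behind a TLS-terminating proxy, leaving the Secure flag off there; confirm how this page is served.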