Merge pull request #47 from StarCitizenTools/dev

Updated security headers settings
alistair3149 2019-12-31 11:41:46 -05:00 committed by GitHub
commit ca7cf4ae12
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 18 deletions


@ -80,10 +80,10 @@ WIP section, refer to below:
"descriptionmsg": "citizen-config-enabledenyxframeoptions",
"public": true
},
"EnableStrictReferrerPolicy": {
"EnableXXSSProtection": {
"value": false,
"description": "Enable or disable strict-origin-when-cross-origin referrer policy",
"descriptionmsg": "citizen-config-enablestrictreferrerpolicy",
"description": "Enable or disable the X-XSS-Protection header",
"descriptionmsg": "citizen-config-enablexxssprotection",
"public": true
},
"EnableFeaturePolicy": {
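Review bot: The new `"descriptionmsg": "citizen-config-enablexxssprotection"` points at a message key that none of the three files in this commit defines, so unless it already exists in the skin's i18n files the configuration UI will fall back to a raw key for this option. Either add `citizen-config-enablexxssprotection` to `i18n/en.json` and `i18n/qqq.json` in the same change, or keep the old key until the translations land. The `description` text could also warn maintainers that the header is legacy, e.g. `"description": "Enable or disable the X-XSS-Protection header (legacy; modern browsers ignore it, prefer CSP)"`.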


@ -44,9 +44,9 @@ class SkinCitizen extends SkinTemplate {
// Deny X-Frame-Options
$this->addXFrameOptions();
// Strict referrer policy
$this->addStrictReferrerPolicy();
// X-XSS-Protection
$this->addXXSSProtection();
// Feature policy
$this->addFeaturePolicy();
@ -168,17 +168,13 @@ class SkinCitizen extends SkinTemplate {
}
}
/**
* Adds the referrer header if enabled in 'CitizenEnableStrictReferrerPolicy'
* Adds the X-XSS-Protection header if set in 'CitizenEnableXXSSProtection'
*/
private function addStrictReferrerPolicy() {
if ( $this->getConfigValue( 'CitizenEnableStrictReferrerPolicy' ) === true ) {
// iOS Safari, IE, Edge compatiblity
$this->out->addMeta( 'referrer', 'strict-origin' );
$this->out->addMeta( 'referrer', 'strict-origin-when-cross-origin' );
$this->out->getRequest()
->response()
->header( 'Referrer-Policy: strict-origin-when-cross-origin' );
private function addXXSSProtection() {
if ( $this->getConfigValue( 'CitizenEnableXXSSProtection' ) === true ) {
$this->out->getRequest()->response()->header( 'X-XSS-Protection: 1; mode=block' );
}
}
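Review bot: The header emitted in `addXXSSProtection`, `X-XSS-Protection: 1; mode=block`, enables a browser XSS auditor that Chromium removed in 2019 and that, in browsers which still implement it, has been shown to be abusable as a cross-site leak and to let an attacker selectively block legitimate scripts; current OWASP guidance is to send `X-XSS-Protection: 0` or omit the header and rely on a Content-Security-Policy instead. If the option is kept for legacy browsers, the docblock should say so, e.g. `* Legacy header: modern browsers ignore it and it is not a substitute for CSP; kept only for older Safari/IE.` The commit also deletes `addStrictReferrerPolicy` together with its `Referrer-Policy` header and the `referrer` meta tags, and no replacement is visible in these hunks, so the skin presumably no longer sets any referrer policy unless MediaWiki core is configured to do so; confirm that regression was intended rather than a side effect of repurposing the option. The class body continues outside the hunk.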


@ -81,10 +81,10 @@
"descriptionmsg": "citizen-config-enabledenyxframeoptions",
"public": true
},
"EnableStrictReferrerPolicy": {
"EnableXXSSProtection": {
"value": false,
"description": "Enable or disable strict-origin-when-cross-origin referrer policy",
"descriptionmsg": "citizen-config-enablestrictreferrerpolicy",
"description": "Enable or disable the X-XSS-Protection header",
"descriptionmsg": "citizen-config-enablexxssprotection",
"public": true
},
"EnableFeaturePolicy": {