Merge pull request #47 from StarCitizenTools/dev

Updated security headers settings
alistair3149 2019-12-31 11:41:46 -05:00 committed by GitHub
commit ca7cf4ae12
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 18 deletions


@ -80,10 +80,10 @@ WIP section, refer to below:
"descriptionmsg": "citizen-config-enabledenyxframeoptions", "descriptionmsg": "citizen-config-enabledenyxframeoptions",
"public": true "public": true
}, },
"EnableStrictReferrerPolicy": { "EnableXXSSProtection": {
"value": false, "value": false,
"description": "Enable or disable strict-origin-when-cross-origin referrer policy", "description": "Enable or disable the X-XSS-Protection header",
"descriptionmsg": "citizen-config-enablestrictreferrerpolicy", "descriptionmsg": "citizen-config-enablexxssprotection",
"public": true "public": true
}, },
"EnableFeaturePolicy": { "EnableFeaturePolicy": {


@ -44,9 +44,9 @@ class SkinCitizen extends SkinTemplate {
// Deny X-Frame-Options // Deny X-Frame-Options
$this->addXFrameOptions(); $this->addXFrameOptions();
// Strict referrer policy // X-XSS-Protection
$this->addStrictReferrerPolicy(); $this->addXXSSProtection();
// Feature policy // Feature policy
$this->addFeaturePolicy(); $this->addFeaturePolicy();
@ -168,17 +168,13 @@ class SkinCitizen extends SkinTemplate {
} }
} }
/** /**
* Adds the referrer header if enabled in 'CitizenEnableStrictReferrerPolicy' * Adds the X-XSS-Protection header if set in 'CitizenEnableXXSSProtection'
*/ */
private function addStrictReferrerPolicy() { private function addXXSSProtection() {
if ( $this->getConfigValue( 'CitizenEnableStrictReferrerPolicy' ) === true ) { if ( $this->getConfigValue( 'CitizenEnableXXSSProtection' ) === true ) {
// iOS Safari, IE, Edge compatiblity $this->out->getRequest()->response()->header( 'X-XSS-Protection: 1; mode=block' );
$this->out->addMeta( 'referrer', 'strict-origin' );
$this->out->addMeta( 'referrer', 'strict-origin-when-cross-origin' );
$this->out->getRequest()
->response()
->header( 'Referrer-Policy: strict-origin-when-cross-origin' );
} }
} }
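Review bot: `addXXSSProtection` sends `X-XSS-Protection: 1; mode=block`, but that header is a legacy control rather than a current defence: Chromium removed its XSS Auditor in Chrome 78 (October 2019), Firefox never implemented it, and the filter implementations that remain in older Safari/IE builds have been abused for cross-site leaks, so present-day guidance is to send `X-XSS-Protection: 0` (or omit the header) and rely on a Content-Security-Policy for real XSS mitigation. If the option is kept, the safer value for browsers that still honour the header is generally `0`, i.e. change the header line to `->header( 'X-XSS-Protection: 0' )`, and the docblock should state the intent, e.g. `* Sends X-XSS-Protection (legacy; ignored by current Chromium/Firefox). Prefer a Content-Security-Policy for XSS mitigation.`. The same hunk also removes the `Referrer-Policy: strict-origin-when-cross-origin` header and its meta fallbacks, which is still a widely supported and useful control; if this was meant as an addition rather than a replacement, `addStrictReferrerPolicy` and its config key should stay alongside the new method. The first hunk of this section (the call sites) sits inside a method whose start and end are outside the hunk.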


@ -81,10 +81,10 @@
"descriptionmsg": "citizen-config-enabledenyxframeoptions", "descriptionmsg": "citizen-config-enabledenyxframeoptions",
"public": true "public": true
}, },
"EnableStrictReferrerPolicy": { "EnableXXSSProtection": {
"value": false, "value": false,
"description": "Enable or disable strict-origin-when-cross-origin referrer policy", "description": "Enable or disable the X-XSS-Protection header",
"descriptionmsg": "citizen-config-enablestrictreferrerpolicy", "descriptionmsg": "citizen-config-enablexxssprotection",
"public": true "public": true
}, },
"EnableFeaturePolicy": { "EnableFeaturePolicy": {