mirror of
https://github.com/StarCitizenTools/mediawiki-skins-Citizen.git
synced 2024-11-29 08:35:23 +00:00
Merge pull request #47 from StarCitizenTools/dev
Updated security headers settings
This commit is contained in:
commit
ca7cf4ae12
|
@ -80,10 +80,10 @@ WIP section, refer to below:
|
|||
"descriptionmsg": "citizen-config-enabledenyxframeoptions",
|
||||
"public": true
|
||||
},
|
||||
"EnableStrictReferrerPolicy": {
|
||||
"EnableXXSSProtection": {
|
||||
"value": false,
|
||||
"description": "Enable or disable strict-origin-when-cross-origin referrer policy",
|
||||
"descriptionmsg": "citizen-config-enablestrictreferrerpolicy",
|
||||
"description": "Enable or disable the X-XSS-Protection header",
|
||||
"descriptionmsg": "citizen-config-enablexxssprotection",
|
||||
"public": true
|
||||
},
|
||||
"EnableFeaturePolicy": {
|
||||
|
|
|
@ -44,8 +44,8 @@ class SkinCitizen extends SkinTemplate {
|
|||
// Deny X-Frame-Options
|
||||
$this->addXFrameOptions();
|
||||
|
||||
// Strict referrer policy
|
||||
$this->addStrictReferrerPolicy();
|
||||
// X-XSS-Protection
|
||||
$this->addXXSSProtection();
|
||||
|
||||
// Feature policy
|
||||
$this->addFeaturePolicy();
|
||||
|
@ -168,17 +168,13 @@ class SkinCitizen extends SkinTemplate {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds the referrer header if enabled in 'CitizenEnableStrictReferrerPolicy'
|
||||
* Adds the X-XSS-Protection header if set in 'CitizenEnableXXSSProtection'
|
||||
*/
|
||||
private function addStrictReferrerPolicy() {
|
||||
if ( $this->getConfigValue( 'CitizenEnableStrictReferrerPolicy' ) === true ) {
|
||||
// iOS Safari, IE, Edge compatiblity
|
||||
$this->out->addMeta( 'referrer', 'strict-origin' );
|
||||
$this->out->addMeta( 'referrer', 'strict-origin-when-cross-origin' );
|
||||
$this->out->getRequest()
|
||||
->response()
|
||||
->header( 'Referrer-Policy: strict-origin-when-cross-origin' );
|
||||
private function addXXSSProtection() {
|
||||
if ( $this->getConfigValue( 'CitizenEnableXXSSProtection' ) === true ) {
|
||||
$this->out->getRequest()->response()->header( 'X-XSS-Protection: 1; mode=block' );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -81,10 +81,10 @@
|
|||
"descriptionmsg": "citizen-config-enabledenyxframeoptions",
|
||||
"public": true
|
||||
},
|
||||
"EnableStrictReferrerPolicy": {
|
||||
"EnableXXSSProtection": {
|
||||
"value": false,
|
||||
"description": "Enable or disable strict-origin-when-cross-origin referrer policy",
|
||||
"descriptionmsg": "citizen-config-enablestrictreferrerpolicy",
|
||||
"description": "Enable or disable the X-XSS-Protection header",
|
||||
"descriptionmsg": "citizen-config-enablexxssprotection",
|
||||
"public": true
|
||||
},
|
||||
"EnableFeaturePolicy": {
|
||||
|
|
Loading…
Reference in a new issue