Allow customizing CSP
parent
541c3c1fed
commit
4be72a2a0d
|
@ -70,6 +70,13 @@ class Adminer {
|
|||
function headers() {
|
||||
}
|
||||
|
||||
/** Get Content Security Policy headers
|
||||
* @return array directive name in key, allowed sources in value
|
||||
*/
|
||||
function csp() {
|
||||
return csp();
|
||||
}
|
||||
|
||||
/** Print HTML code inside <head>
|
||||
* @return bool true to link adminer.css if exists
|
||||
*/
|
||||
|
|
|
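Review bot: The docblock on the new `Adminer::csp()` describes the array shape but not that an override replaces the whole policy, so a subclass returning only the directive it cares about drops `default-src 'none'` and every other default. I would add a line such as `* Overriding replaces the complete policy: start from parent::csp() and change only the directives you need`. The second `class Adminer` hunk further down adds the same method with no docblock at all and should carry the same comment. The class body starts and ends outside this hunk.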
@ -91,10 +91,29 @@ function page_headers() {
|
|||
header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
|
||||
header("X-Content-Type-Options: nosniff");
|
||||
header("Referrer-Policy: origin-when-cross-origin");
|
||||
header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; frame-src https://www.adminer.org; form-action 'self'");
|
||||
$csp = array();
|
||||
foreach ($adminer->csp() as $key => $val) {
|
||||
$csp[] = "$key $val";
|
||||
}
|
||||
header("Content-Security-Policy: " . implode("; ", $csp));
|
||||
$adminer->headers();
|
||||
}
|
||||
|
||||
/** Get Content Security Policy headers
|
||||
* @return array directive name in key, allowed sources in value
|
||||
*/
|
||||
function csp() {
|
||||
return array(
|
||||
"default-src" => "'none'",
|
||||
"script-src" => "'self' 'unsafe-inline'",
|
||||
"style-src" => "'self' 'unsafe-inline'",
|
||||
"connect-src" => "'self'",
|
||||
"img-src" => "'self' data:",
|
||||
"frame-src" => "https://www.adminer.org",
|
||||
"form-action" => "'self'",
|
||||
);
|
||||
}
|
||||
|
||||
/** Print flash and error messages
|
||||
* @param string
|
||||
* @return null
|
||||
|
|
|
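Review bot: The loop in `page_headers()` uses whatever `$adminer->csp()` returns without checking it, so an override that returns an empty array or a non-array produces `Content-Security-Policy: ` with no directives, which restricts nothing. The previous hard-coded header could not fail open this way. A guard before the loop keeps the baseline: `$policy = $adminer->csp();` then `if (!is_array($policy) || !$policy) { $policy = csp(); }`, and iterate over `$policy`. A value containing a line break is a second way to lose the policy, because `header()` refuses to send a header with an embedded newline, so rejecting or stripping CR/LF in `$key` and `$val` is worth adding too. `page_headers()` starts outside this hunk.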
@ -47,6 +47,10 @@ class Adminer {
|
|||
function headers() {
|
||||
}
|
||||
|
||||
function csp() {
|
||||
return csp();
|
||||
}
|
||||
|
||||
function head() {
|
||||
return true;
|
||||
}
|
||||
|
|
|
@ -127,6 +127,11 @@ class AdminerPlugin extends Adminer {
|
|||
return $this->_applyPlugin(__FUNCTION__, $args);
|
||||
}
|
||||
|
||||
function csp() {
|
||||
$args = func_get_args();
|
||||
return $this->_applyPlugin(__FUNCTION__, $args);
|
||||
}
|
||||
|
||||
function head() {
|
||||
$args = func_get_args();
|
||||
return $this->_applyPlugin(__FUNCTION__, $args);
|
||||
|
|
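Review bot: Routing `csp()` through `_applyPlugin` probably lets the first plugin that returns a value decide the entire policy; `_applyPlugin` is not visible on this page, so that needs confirming. If so, two plugins that each need an extra source cannot both be honoured, and a plugin returning only its own directive silently discards `default-src 'none'` and the rest of the baseline. A comment on the method would warn plugin authors: `// a plugin's csp() must return the complete policy, not only the directives it changes`. The enclosing class starts and ends outside this hunk.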