Always send security headers in customization
This commit is contained in:
parent
415253b1b1
commit
552d2a6be4
|
@ -65,10 +65,9 @@ class Adminer {
|
|||
}
|
||||
|
||||
/** Headers to send before HTML output
|
||||
* @return bool true to send security headers
|
||||
* @return null
|
||||
*/
|
||||
function headers() {
|
||||
return true;
|
||||
}
|
||||
|
||||
/** Print HTML code inside <head>
|
||||
|
|
|
@ -87,12 +87,11 @@ function page_headers() {
|
|||
global $adminer;
|
||||
header("Content-Type: text/html; charset=utf-8");
|
||||
header("Cache-Control: no-cache");
|
||||
if ($adminer->headers()) {
|
||||
header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
|
||||
header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
|
||||
header("X-Content-Type-Options: nosniff");
|
||||
header("Referrer-Policy: origin-when-cross-origin");
|
||||
}
|
||||
header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
|
||||
header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
|
||||
header("X-Content-Type-Options: nosniff");
|
||||
header("Referrer-Policy: origin-when-cross-origin");
|
||||
$adminer->headers();
|
||||
}
|
||||
|
||||
/** Print flash and error messages
|
||||
|
|
|
@ -6,6 +6,7 @@ PostgreSQL: Sort table names (regression from 4.3.1)
|
|||
Editor: Don't set time zone from PHP, fixes DST
|
||||
Editor: Display field comment's text inside [] only in edit form
|
||||
Editor: Fix doubleclick on database page
|
||||
Customization: Always send security headers
|
||||
Hebrew translation
|
||||
|
||||
Adminer 4.3.1 (released 2017-04-14):
|
||||
|
|
|
@ -45,7 +45,6 @@ class Adminer {
|
|||
}
|
||||
|
||||
function headers() {
|
||||
return true;
|
||||
}
|
||||
|
||||
function head() {
|
||||
|
|
|
@ -20,11 +20,9 @@ class AdminerFrames {
|
|||
function headers() {
|
||||
if ($this->sameOrigin) {
|
||||
header("X-Frame-Options: SameOrigin");
|
||||
} elseif (function_exists('header_remove')) {
|
||||
header_remove("X-Frame-Options");
|
||||
}
|
||||
header("X-XSS-Protection: 0");
|
||||
header("X-Content-Type-Options: nosniff");
|
||||
header("Referrer-Policy: origin-when-cross-origin");
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue