Add Content Security Policy
This commit is contained in:
parent
552d2a6be4
commit
e614ae08c4
|
@ -91,6 +91,7 @@ function page_headers() {
|
|||
header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
|
||||
header("X-Content-Type-Options: nosniff");
|
||||
header("Referrer-Policy: origin-when-cross-origin");
|
||||
header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; frame-src https://www.adminer.org; form-action 'self'");
|
||||
$adminer->headers();
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.3.2-dev:
|
||||
Add Content Security Policy
|
||||
Add nosniff header
|
||||
PHP 7.1: Prevent warning when using empty limit
|
||||
MySQL: Remove dedicated view for replication status (added in 4.3.0)
|
||||
|
|
Loading…
Reference in a new issue