Added Content-Security-Policy header to prevent XSS attacks
parent
243e9b045f
commit
9b31f83f6d
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
<?php
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
require_once 'lib/session.php';
|
require_once 'lib/session.php';
|
||||||
?>
|
?>
|
||||||
<html>
|
<html>
|
||||||
|
|
|
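Review bot: The added `require_once 'lib/headers.php';` sits after the closing `-->` of the license comment, so the response body has already started when `Header()` is called. Unless output buffering is enabled on the server, PHP will not send the header and the page is served without the Content-Security-Policy. The same placement recurs in the other `@ -15,6 +15,7 @@` hunks and in the `@ -14,6 +14,9 @@` hunk. Moving `<?php require_once 'lib/headers.php'; ?>` above the `<!--` comment, or checking `headers_sent()` in lib/headers.php and logging when it is true, would make the policy independent of server configuration. The top of the file is outside the hunk, so the position of the comment opener is inferred from the context lines.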
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
<?php
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
require_once 'lib/session.php';
|
require_once 'lib/session.php';
|
||||||
?>
|
?>
|
||||||
<html>
|
<html>
|
||||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
<?php
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
require_once 'lib/session.php';
|
require_once 'lib/session.php';
|
||||||
?>
|
?>
|
||||||
<html>
|
<html>
|
||||||
|
@ -150,7 +151,7 @@ limitations under the License.
|
||||||
<tfoot>
|
<tfoot>
|
||||||
<td>New</td>
|
<td>New</td>
|
||||||
<td><input id="addName" type="text" class="form-control input-sm" data-regex="^([^.]+\.)*[^.]+$"></td>
|
<td><input id="addName" type="text" class="form-control input-sm" data-regex="^([^.]+\.)*[^.]+$"></td>
|
||||||
<td><select id="addType" class="form-control" style="width: 70%;"></select></td>
|
<td><select id="addType" class="form-control select-narrow-70"></select></td>
|
||||||
<td><input id="addContent" type="text" class="form-control input-sm" data-regex="^.+$"></td>
|
<td><input id="addContent" type="text" class="form-control input-sm" data-regex="^.+$"></td>
|
||||||
<td><input id="addPrio" type="text" class="form-control input-sm" size="1" data-regex="^[0-9]+$"></td>
|
<td><input id="addPrio" type="text" class="form-control input-sm" size="1" data-regex="^[0-9]+$"></td>
|
||||||
<td><input id="addTtl" type="text" class="form-control input-sm" size="3" data-regex="^[0-9]+$"></td>
|
<td><input id="addTtl" type="text" class="form-control input-sm" size="3" data-regex="^[0-9]+$"></td>
|
||||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
<?php
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
require_once 'lib/session.php';
|
require_once 'lib/session.php';
|
||||||
?>
|
?>
|
||||||
<html>
|
<html>
|
||||||
|
|
|
@ -21,3 +21,5 @@
|
||||||
.cell-vertical-bottom { vertical-align: bottom !important; }
|
.cell-vertical-bottom { vertical-align: bottom !important; }
|
||||||
.cell-vertical-middle { vertical-align: middle !important; }
|
.cell-vertical-middle { vertical-align: middle !important; }
|
||||||
.cell-vertical-top { vertical-align: top !important; }
|
.cell-vertical-top { vertical-align: top !important; }
|
||||||
|
|
||||||
|
.select-narrow-70 { width: 70%; }
|
|
@ -14,6 +14,9 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
See the License for the specific language governing permissions and
|
See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
|
?>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<title>PDNS Manager</title>
|
<title>PDNS Manager</title>
|
||||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
<?php
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
if(file_exists("config/config-user.php")) {
|
if(file_exists("config/config-user.php")) {
|
||||||
Header("Location: index.php");
|
Header("Location: index.php");
|
||||||
}
|
}
|
||||||
|
|
|
@ -230,7 +230,7 @@ function editClicked() {
|
||||||
|
|
||||||
var valueType = tableCells.eq(2).text();
|
var valueType = tableCells.eq(2).text();
|
||||||
tableCells.eq(2).empty();
|
tableCells.eq(2).empty();
|
||||||
$('<select class="form-control" style="width: 70%;"></select>').appendTo(tableCells.eq(2)).select2({
|
$('<select class="form-control select-narrow-70"></select>').appendTo(tableCells.eq(2)).select2({
|
||||||
data: recordTypes
|
data: recordTypes
|
||||||
}).val(valueType).trigger("change");
|
}).val(valueType).trigger("change");
|
||||||
|
|
||||||
|
|
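--- /dev/null
+++ b/lib/headers.php
@@ -0,0 +1,19 @@
+<?php
+
+/*
+* Copyright 2016 Lukas Metzger <developer@lukas-metzger.com>.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+Header("Content-Security-Policy: default-src 'self';");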
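Review bot: `default-src 'self'` is not a fallback for `frame-ancestors`, `base-uri` or `form-action`, so this policy leaves framing of the pages and the targets of forms and `<base>` unrestricted. If the UI is never meant to be embedded, the call could read `Header("Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'");`. A short comment above the call would also help, for example `// Must run before any output; this policy blocks inline scripts and style attributes.`, since that is why inline styles were moved to CSS classes elsewhere in this commit.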
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
<?php
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
require_once 'lib/session.php';
|
require_once 'lib/session.php';
|
||||||
session_destroy();
|
session_destroy();
|
||||||
setcookie("authSecret", "", 1, "/", "", false, true);
|
setcookie("authSecret", "", 1, "/", "", false, true);
|
||||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
<?php
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
require_once 'lib/session.php';
|
require_once 'lib/session.php';
|
||||||
?>
|
?>
|
||||||
<html>
|
<html>
|
||||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
||||||
limitations under the License.
|
limitations under the License.
|
||||||
-->
|
-->
|
||||||
<?php
|
<?php
|
||||||
|
require_once 'lib/headers.php';
|
||||||
require_once 'lib/session.php';
|
require_once 'lib/session.php';
|
||||||
?>
|
?>
|
||||||
<html>
|
<html>
|
||||||
|
|