Added Content-Security-Policy header to prevent XSS attacks
parent
243e9b045f
commit
9b31f83f6d
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
-->
|
||||
<?php
|
||||
require_once 'lib/headers.php';
|
||||
require_once 'lib/session.php';
|
||||
?>
|
||||
<html>
|
||||
|
|
|
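Review bot: The added `require_once 'lib/headers.php';` runs after the licence HTML comment has already been written to the response (the `-->` line sits directly above `<?php`), so the `Header()` call in lib/headers.php only takes effect when PHP output buffering is enabled. Without buffering PHP raises a "headers already sent" warning and the page is served with no Content-Security-Policy at all. The same placement appears in the other page sections of this commit that add this require line. Moving the `<?php require_once 'lib/headers.php'; … ?>` block above the licence comment, or turning the licence into a PHP comment inside that block, would make the header independent of the buffering setting. The existing `require_once 'lib/session.php';` sits in the same position and presumably has the same dependency.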
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
-->
|
||||
<?php
|
||||
require_once 'lib/headers.php';
|
||||
require_once 'lib/session.php';
|
||||
?>
|
||||
<html>
|
||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
-->
|
||||
<?php
|
||||
require_once 'lib/headers.php';
|
||||
require_once 'lib/session.php';
|
||||
?>
|
||||
<html>
|
||||
|
@ -150,7 +151,7 @@ limitations under the License.
|
|||
<tfoot>
|
||||
<td>New</td>
|
||||
<td><input id="addName" type="text" class="form-control input-sm" data-regex="^([^.]+\.)*[^.]+$"></td>
|
||||
<td><select id="addType" class="form-control" style="width: 70%;"></select></td>
|
||||
<td><select id="addType" class="form-control select-narrow-70"></select></td>
|
||||
<td><input id="addContent" type="text" class="form-control input-sm" data-regex="^.+$"></td>
|
||||
<td><input id="addPrio" type="text" class="form-control input-sm" size="1" data-regex="^[0-9]+$"></td>
|
||||
<td><input id="addTtl" type="text" class="form-control input-sm" size="3" data-regex="^[0-9]+$"></td>
|
||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
-->
|
||||
<?php
|
||||
require_once 'lib/headers.php';
|
||||
require_once 'lib/session.php';
|
||||
?>
|
||||
<html>
|
||||
|
|
|
@ -21,3 +21,5 @@
|
|||
.cell-vertical-bottom { vertical-align: bottom !important; }
|
||||
.cell-vertical-middle { vertical-align: middle !important; }
|
||||
.cell-vertical-top { vertical-align: top !important; }
|
||||
|
||||
.select-narrow-70 { width: 70%; }
|
|
@ -14,6 +14,9 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
-->
|
||||
<?php
|
||||
require_once 'lib/headers.php';
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<title>PDNS Manager</title>
|
||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
-->
|
||||
<?php
|
||||
require_once 'lib/headers.php';
|
||||
if(file_exists("config/config-user.php")) {
|
||||
Header("Location: index.php");
|
||||
}
|
||||
|
|
|
@ -230,7 +230,7 @@ function editClicked() {
|
|||
|
||||
var valueType = tableCells.eq(2).text();
|
||||
tableCells.eq(2).empty();
|
||||
$('<select class="form-control" style="width: 70%;"></select>').appendTo(tableCells.eq(2)).select2({
|
||||
$('<select class="form-control select-narrow-70"></select>').appendTo(tableCells.eq(2)).select2({
|
||||
data: recordTypes
|
||||
}).val(valueType).trigger("change");
|
||||
|
||||
|
|
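--- a/lib/headers.php
+++ b/lib/headers.php
@@ -0,0 +1,19 @@
+<?php
+
+/*
+* Copyright 2016 Lukas Metzger <developer@lukas-metzger.com>.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+Header("Content-Security-Policy: default-src 'self';");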
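Review bot: `default-src 'self'` does not cover `frame-ancestors`, `base-uri` or `form-action`, because those directives have no fallback to `default-src`; framing of the UI and form or base-URL targets therefore stay unrestricted under this policy. Consider `Header("Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'");`, relaxing `frame-ancestors` only if the manager is meant to be embedded. A short comment above the call, such as `// Must be sent before any output; this policy blocks inline scripts and style attributes`, would also tell maintainers why later inline `style=` or `<script>` additions stop working.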
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
-->
|
||||
<?php
|
||||
require_once 'lib/headers.php';
|
||||
require_once 'lib/session.php';
|
||||
session_destroy();
|
||||
setcookie("authSecret", "", 1, "/", "", false, true);
|
||||
|
|
|
@ -15,6 +15,7 @@ See the License for the specific language governing permissions and
|
|||
limitations under the License.
|
||||
-->
|
||||
<?php
|
||||
require_once 'lib/headers.php';
|
||||
require_once 'lib/session.php';
|
||||
?>
|
||||
<html>
|
||||
|
|