History log of /dokuwiki/inc/HTTP/Headers.php (Results 1 – 3 of 3)
Revision Date Author Comments
# fe15e2c0 31-Aug-2023 Andreas Gohr <andi@splitbrain.org>

code style: static visibility
# a3b08db5 29-Aug-2023 Andreas Gohr <andi@splitbrain.org>

Apply rector fixes to inc/HTTP
# 6cda96e3 14-Oct-2020 Andreas Gohr <andi@splitbrain.org>

Restrictive Content-Security-Policy for media #1045

This adds a CSP header for all media delivered through our fetch.php
dispatcher. This should revent any scripts etc. to be executed when
scriptabl

Restrictive Content-Security-Policy for media #1045

This adds a CSP header for all media delivered through our fetch.php
dispatcher. This should revent any scripts etc. to be executed when
scriptable media, like SVG is used.

Suggestions on finetuning the policy are welcome.

The policy is added to the MEDIA_SENDFILE event, so plugins can easily
influence it. The way it is passed as an array should make it easier to
modify from plugins as well.

I put the mechanism to send the header into it's own class in the HTTP
namespace. Additional methods from inc/httputils could be moved here
later. The method might also be interesting for #2198 and #1676.

show more ...