Searched hist:"6cda96e3cf806e272521e0e44b9592acb7d3b837" (Results 1 – 3 of 3) sorted by relevance

/dokuwiki/inc/HTTP/
Headers.php 6cda96e3cf806e272521e0e44b9592acb7d3b837 Wed Oct 14 13:10:47 UTC 2020 Andreas Gohr <andi@splitbrain.org> Restrictive Content-Security-Policy for media #1045

This adds a CSP header for all media delivered through our fetch.php
dispatcher. This should prevent any scripts etc. from being executed when
scriptable media, like SVG, is used.

Suggestions on fine-tuning the policy are welcome.

The policy is added to the MEDIA_SENDFILE event, so plugins can easily
influence it. The way it is passed as an array should make it easier to
modify from plugins as well.

I put the mechanism to send the header into its own class in the HTTP
namespace. Additional methods from inc/httputils could be moved here
later. The method might also be interesting for #2198 and #1676.

/dokuwiki/inc/
fetch.functions.php 6cda96e3cf806e272521e0e44b9592acb7d3b837 Wed Oct 14 13:10:47 UTC 2020 Andreas Gohr <andi@splitbrain.org> Restrictive Content-Security-Policy for media #1045

/dokuwiki/lib/exe/
fetch.php 6cda96e3cf806e272521e0e44b9592acb7d3b837 Wed Oct 14 13:10:47 UTC 2020 Andreas Gohr <andi@splitbrain.org> Restrictive Content-Security-Policy for media #1045