Prevent referrer to be send
Uses both CSP and Referrer-Policy Fixes #96
This commit is contained in:
parent
b7184b92a3
commit
1a159c973f
9 changed files with 26 additions and 3 deletions
|
@ -1,5 +1,5 @@
|
|||
; config file for PrivateBin
|
||||
;
|
||||
;
|
||||
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
|
||||
|
||||
[main]
|
||||
|
@ -60,7 +60,7 @@ languageselection = false
|
|||
; custom scripts from third-party domains to your templates, e.g. tracking
|
||||
; scripts or run your site behind certain DDoS-protection services.
|
||||
; Check the documentation at https://content-security-policy.com/
|
||||
cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:;"
|
||||
cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
|
||||
|
||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||
|
|
|
@ -51,7 +51,7 @@ class Configuration
|
|||
'languagedefault' => '',
|
||||
'urlshortener' => '',
|
||||
'icon' => 'identicon',
|
||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:;',
|
||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer;',
|
||||
'zerobincompatibility' => false,
|
||||
),
|
||||
'expire' => array(
|
||||
|
|
17
test.php
Executable file
17
test.php
Executable file
|
@ -0,0 +1,17 @@
|
|||
<?php
|
||||
$RandomCompat_basedir = ini_get('open_basedir');
|
||||
if (!empty($RandomCompat_basedir)) {
|
||||
$RandomCompat_open_basedir = explode(
|
||||
PATH_SEPARATOR,
|
||||
strtolower($RandomCompat_basedir)
|
||||
);
|
||||
$RandomCompatUrandom = (array() !== array_intersect(
|
||||
array('/dev', '/dev/', '/dev/urandom'),
|
||||
$RandomCompat_open_basedir
|
||||
));
|
||||
$RandomCompat_open_basedir = null;
|
||||
}
|
||||
|
||||
var_dump($RandomCompat_basedir);
|
||||
var_dump($RandomCompat_open_basedir);
|
||||
?>
|
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="noindex" />
|
||||
<meta name="referrer" content="no-referrer">
|
||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||
|
|
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="noindex" />
|
||||
<meta name="referrer" content="no-referrer">
|
||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/darkstrap-0.9.3.css" />
|
||||
|
|
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="noindex" />
|
||||
<meta name="referrer" content="no-referrer">
|
||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/darkstrap-0.9.3.css" />
|
||||
|
|
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="noindex" />
|
||||
<meta name="referrer" content="no-referrer">
|
||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||
|
|
|
@ -7,6 +7,7 @@ use PrivateBin\I18n;
|
|||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<meta name="robots" content="noindex" />
|
||||
<meta name="referrer" content="no-referrer">
|
||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
|
||||
<link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
|
||||
|
|
|
@ -5,6 +5,7 @@ use PrivateBin\I18n;
|
|||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<meta name="robots" content="noindex" />
|
||||
<meta name="referrer" content="no-referrer">
|
||||
<title><?php echo I18n::_('PrivateBin'); ?></title>
|
||||
<link type="text/css" rel="stylesheet" href="css/privatebin.css?<?php echo rawurlencode($VERSION); ?>" />
|
||||
<?php
|
||||
|
|
Loading…
Reference in a new issue