diff --git a/cfg/conf.ini.sample b/cfg/conf.ini.sample index 5ab71913..aee6990c 100644 --- a/cfg/conf.ini.sample +++ b/cfg/conf.ini.sample @@ -1,5 +1,5 @@ ; config file for PrivateBin -; +; ; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration. [main] @@ -60,7 +60,7 @@ languageselection = false ; custom scripts from third-party domains to your templates, e.g. tracking ; scripts or run your site behind certain DDoS-protection services. ; Check the documentation at https://content-security-policy.com/ -cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:;" +cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;" ; stay compatible with PrivateBin Alpha 0.19, less secure ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of diff --git a/lib/Configuration.php b/lib/Configuration.php index 03c7615b..47daa5ac 100644 --- a/lib/Configuration.php +++ b/lib/Configuration.php @@ -51,7 +51,7 @@ class Configuration 'languagedefault' => '', 'urlshortener' => '', 'icon' => 'identicon', - 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:;', + 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer;', 'zerobincompatibility' => false, ), 'expire' => array( diff --git a/test.php b/test.php new file mode 100755 index 00000000..6b6aa18c --- /dev/null +++ b/test.php @@ -0,0 +1,17 @@ + diff --git a/tpl/bootstrap-compact.php b/tpl/bootstrap-compact.php index 025f35ed..21966086 100644 --- a/tpl/bootstrap-compact.php +++ b/tpl/bootstrap-compact.php 
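Review bot: The `referrer no-referrer;` appended to `cspheader` in this hunk (and the identical change in the lib/Configuration.php hunk `@@ -51,7 +51,7 @@`) relies on a CSP directive that was dropped from the specification before standardisation; current browsers ignore it, typically logging an "unrecognized directive" console warning, so on its own it does not stop Referer leakage. The standard mechanism is a separate `Referrer-Policy: no-referrer` response header, or a `<meta name="referrer" content="no-referrer">` tag in the templates; the code that emits the CSP header is not in this diff, so I cannot tell whether such a header is already sent. I would revert both defaults to the previous value, `img-src 'self' data:;"`, and send the referrer policy as its own header wherever `cspheader` is currently written out. If the template hunks that follow add a referrer meta tag, that part does take effect independently of the CSP string.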
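Review bot: `test.php` is added at the repository root as an executable file (`new file mode 100755`), but only an empty first line of its 17-line hunk survives in this view, so its purpose cannot be judged here. A script at the root of a deployable web application is served to anyone who requests it; if this is a scratch file it should not be committed, and if it is intentional it belongs in a directory that is not web-served and should open with a header comment stating what it exercises and how it is meant to be run.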
@@ -7,6 +7,7 @@ use PrivateBin\I18n; +