Add CSP sandbox

Fixes https://github.com/PrivateBin/PrivateBin/issues/168

Also needed to run some Composer stuff, no idea why my diff was different.
This commit is contained in:
rugk 2017-02-01 18:34:13 +01:00
parent 368aa2305b
commit e9b10f9e2d
No known key found for this signature in database
GPG key ID: 05D40A636AFAB34D
4 changed files with 12 additions and 2 deletions


@ -63,7 +63,8 @@ languageselection = false
; custom scripts from third-party domains to your templates, e.g. tracking ; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services. ; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/ ; Check the documentation at https://content-security-policy.com/
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;" ; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups"
; stay compatible with PrivateBin Alpha 0.19, less secure ; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
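Review bot: The new sandbox token list pairs allow-same-origin with allow-scripts, so the page keeps its origin and full scripting and the sandbox mainly removes plugins, top-level navigation, pointer lock and the modal dialogs (alert/confirm/prompt), because allow-modals is not listed. If the client script relies on any of those dialogs they are blocked under this header, which is worth confirming; if it does, append `allow-modals` to the token list here and in the hard-coded default in Configuration.php below, which carries the identical string. The added note also reads backwards, since allow-popups is an exemption rather than a restriction; suggest `; Note: If you use a bootstrap theme, you can drop allow-popups from the sandbox token list to tighten the sandbox.`. A sentence saying that the sandbox directive is only honored in an enforced Content-Security-Policy header, not in report-only mode or a meta tag, would also help operators who copy this line.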


@ -51,7 +51,7 @@ class Configuration
'languagedefault' => '', 'languagedefault' => '',
'urlshortener' => '', 'urlshortener' => '',
'icon' => 'identicon', 'icon' => 'identicon',
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer;', 'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups',
'zerobincompatibility' => false, 'zerobincompatibility' => false,
), ),
'expire' => array( 'expire' => array(
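Review bot: The rewritten default on the cspheader line is a single-quoted literal with every CSP source expression escaped as `\'`, which makes the directive list hard to read and easy to mistype when it is next edited. A double-quoted string avoids the escapes entirely, e.g. `'cspheader' => "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups",`. The same directive string is also repeated verbatim in the configuration sample, so a short comment above this default noting that the two must be kept in sync would save the next change from diverging. The enclosing defaults array starts outside the hunk.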


@ -7,4 +7,5 @@ $baseDir = dirname($vendorDir);
return array( return array(
'PrivateBin\\' => array($baseDir . '/lib'), 'PrivateBin\\' => array($baseDir . '/lib'),
'CodeClimate\\PhpTestReporter\\' => array($vendorDir . '/codeclimate/php-test-reporter/src'),
); );


@ -15,6 +15,10 @@ class ComposerStaticInitDontChange
array ( array (
'PrivateBin\\' => 11, 'PrivateBin\\' => 11,
), ),
'C' =>
array (
'CodeClimate\\PhpTestReporter\\' => 28,
),
); );
public static $prefixDirsPsr4 = array ( public static $prefixDirsPsr4 = array (
@ -22,6 +26,10 @@ class ComposerStaticInitDontChange
array ( array (
0 => __DIR__ . '/../..' . '/lib', 0 => __DIR__ . '/../..' . '/lib',
), ),
'CodeClimate\\PhpTestReporter\\' =>
array (
0 => __DIR__ . '/..' . '/codeclimate/php-test-reporter/src',
),
); );
public static $prefixesPsr0 = array ( public static $prefixesPsr0 = array (