Add CSP sandbox
Fixes https://github.com/PrivateBin/PrivateBin/issues/168 Alos needed to run some Composer stuff, no idea why my diff was different.
This commit is contained in:
parent
368aa2305b
commit
e9b10f9e2d
4 changed files with 12 additions and 2 deletions
|
@ -63,7 +63,8 @@ languageselection = false
|
||||||
; custom scripts from third-party domains to your templates, e.g. tracking
|
; custom scripts from third-party domains to your templates, e.g. tracking
|
||||||
; scripts or run your site behind certain DDoS-protection services.
|
; scripts or run your site behind certain DDoS-protection services.
|
||||||
; Check the documentation at https://content-security-policy.com/
|
; Check the documentation at https://content-security-policy.com/
|
||||||
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
|
; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
|
||||||
|
; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups"
|
||||||
|
|
||||||
; stay compatible with PrivateBin Alpha 0.19, less secure
|
; stay compatible with PrivateBin Alpha 0.19, less secure
|
||||||
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
|
||||||
|
|
|
@ -51,7 +51,7 @@ class Configuration
|
||||||
'languagedefault' => '',
|
'languagedefault' => '',
|
||||||
'urlshortener' => '',
|
'urlshortener' => '',
|
||||||
'icon' => 'identicon',
|
'icon' => 'identicon',
|
||||||
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer;',
|
'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer; sandbox allow-same-origin allow-scripts allow-forms allow-popups',
|
||||||
'zerobincompatibility' => false,
|
'zerobincompatibility' => false,
|
||||||
),
|
),
|
||||||
'expire' => array(
|
'expire' => array(
|
||||||
|
|
1
vendor/composer/autoload_psr4.php
vendored
1
vendor/composer/autoload_psr4.php
vendored
|
@ -7,4 +7,5 @@ $baseDir = dirname($vendorDir);
|
||||||
|
|
||||||
return array(
|
return array(
|
||||||
'PrivateBin\\' => array($baseDir . '/lib'),
|
'PrivateBin\\' => array($baseDir . '/lib'),
|
||||||
|
'CodeClimate\\PhpTestReporter\\' => array($vendorDir . '/codeclimate/php-test-reporter/src'),
|
||||||
);
|
);
|
||||||
|
|
8
vendor/composer/autoload_static.php
vendored
8
vendor/composer/autoload_static.php
vendored
|
@ -15,6 +15,10 @@ class ComposerStaticInitDontChange
|
||||||
array (
|
array (
|
||||||
'PrivateBin\\' => 11,
|
'PrivateBin\\' => 11,
|
||||||
),
|
),
|
||||||
|
'C' =>
|
||||||
|
array (
|
||||||
|
'CodeClimate\\PhpTestReporter\\' => 28,
|
||||||
|
),
|
||||||
);
|
);
|
||||||
|
|
||||||
public static $prefixDirsPsr4 = array (
|
public static $prefixDirsPsr4 = array (
|
||||||
|
@ -22,6 +26,10 @@ class ComposerStaticInitDontChange
|
||||||
array (
|
array (
|
||||||
0 => __DIR__ . '/../..' . '/lib',
|
0 => __DIR__ . '/../..' . '/lib',
|
||||||
),
|
),
|
||||||
|
'CodeClimate\\PhpTestReporter\\' =>
|
||||||
|
array (
|
||||||
|
0 => __DIR__ . '/..' . '/codeclimate/php-test-reporter/src',
|
||||||
|
),
|
||||||
);
|
);
|
||||||
|
|
||||||
public static $prefixesPsr0 = array (
|
public static $prefixesPsr0 = array (
|
||||||
|
|
Loading…
Reference in a new issue