Point808/LobbySIO
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Vulnerability mitigation

Browse Source
This commit is contained in:
Josh North
2021-05-28 17:02:01 -04:00
parent 9043ccb0e2
commit 0a39b60eee
17 changed files with 95 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
inc/header.inc.php
View File

@@ -21,7 +21,7 @@
//ini_set('session.gc_divisor', 100); // TIMES
//session_save_path('.tmp'); // TEMP
//session_start(); // START
//ini_set("session. cookie_httponly", 1);
//ini_set("session.cookie_httponly", 1);
require_once __DIR__ . '/../autoload.php'; // AUTOLOAD
use App\LobbySIO\Config\Registry;
use App\LobbySIO\Misc\Csrf; // ANTICSRF
@@ -80,8 +80,9 @@
$timeplus = new DateTime($StaticFunctions->getUTC(), new DateTimeZone('UTC')); // DUMB WAY TO CALCULATE SOME TIMES
$timeplus->setTimezone(new DateTimeZone("$timezone"));
$timenow = $timeplus->format('Y-m-d H:i:s');
header("X-Frame-Options: SAMEORIGIN");
header("Content-Security-Policy: frame-ancestors 'none'", false);
header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff");
header("Content-Security-Policy: script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>';
echo 'Verification has been : ' . (Csrf::verifyToken('home') ? 'successful' : 'unsuccessful');