Remediate other vulns

2021-08-10 09:48:35 -04:00
parent e12a30fa36
commit 28d8e418ed
4 changed files with 20 additions and 0 deletions
--- a/inc/header.inc.php
+++ b/inc/header.inc.php
@@ -82,6 +82,7 @@
    $timenow = $timeplus->format('Y-m-d H:i:s');
      header("X-Frame-Options: SAMEORIGIN");
      header("X-Content-Type-Options: nosniff");
+      header("Content-Security-Policy: default-src 'self'; script-src 'self'");
      //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
      if (!empty($_GET['a'])) {
        echo '<pre>' . print_r($_POST, true) . '</pre>';