Point808/LobbySIO
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CSP tweaks again, login uid fix, mild cleanup

Browse Source
This commit is contained in:
Josh North 2021-08-16 10:42:45 -04:00
parent 125441933c
commit 65a34f5b65
6 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changeaccess.php
View File

@ -81,8 +81,8 @@
if ($StaticFunctions->getUserSessionStatus() == true) { // CHECK STATUS if ($StaticFunctions->getUserSessionStatus() == true) { // CHECK STATUS
header('Location: index.php'); // ELSE HOME header('Location: index.php'); // ELSE HOME
} else { } else {
header("X-Frame-Options: SAMEORIGIN"); //header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff"); //header("X-Content-Type-Options: nosniff");
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false); //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
if (!empty(filter_input(INPUT_GET, 'a', FILTER_SANITIZE_FULL_SPECIAL_CHARS))) { if (!empty(filter_input(INPUT_GET, 'a', FILTER_SANITIZE_FULL_SPECIAL_CHARS))) {
//echo '<pre>' . print_r($_POST, true) . '</pre>'; //echo '<pre>' . print_r($_POST, true) . '</pre>';

4
inc/header.inc.php
View File

@ -84,8 +84,8 @@
$_SESSION['nonceStr'] = base64_encode(random_bytes(32)); $_SESSION['nonceStr'] = base64_encode(random_bytes(32));
$nonceHeader="nonce-".$_SESSION['nonceStr']; $nonceHeader="nonce-".$_SESSION['nonceStr'];
$urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL)); $urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL));
header("X-Frame-Options: SAMEORIGIN"); //header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff"); //header("X-Content-Type-Options: nosniff");
//oldheader("Content-Security-Policy: default-src '$nonceHeader' 'self'; script-src '$nonceHeader' 'self' ; script-src-elem '$nonceHeader' 'self'; script-src-attr '$nonceHeader' 'self'; style-src '$nonceHeader' 'self'; style-src-elem '$nonceHeader' 'self'; style-src-attr '$nonceHeader' 'self'; img-src '$nonceHeader' 'self' data:; connect-src '$nonceHeader' 'self'; frame-src '$nonceHeader' 'self'; font-src '$nonceHeader' 'self'; media-src '$nonceHeader' 'self'; object-src '$nonceHeader' 'self'; manifest-src '$nonceHeader' 'self'; worker-src '$nonceHeader' 'self'; prefetch-src '$nonceHeader' 'self'; form-action '$nonceHeader' 'self'; frame-ancestors '$nonceHeader' 'self'"); //oldheader("Content-Security-Policy: default-src '$nonceHeader' 'self'; script-src '$nonceHeader' 'self' ; script-src-elem '$nonceHeader' 'self'; script-src-attr '$nonceHeader' 'self'; style-src '$nonceHeader' 'self'; style-src-elem '$nonceHeader' 'self'; style-src-attr '$nonceHeader' 'self'; img-src '$nonceHeader' 'self' data:; connect-src '$nonceHeader' 'self'; frame-src '$nonceHeader' 'self'; font-src '$nonceHeader' 'self'; media-src '$nonceHeader' 'self'; object-src '$nonceHeader' 'self'; manifest-src '$nonceHeader' 'self'; worker-src '$nonceHeader' 'self'; prefetch-src '$nonceHeader' 'self'; form-action '$nonceHeader' 'self'; frame-ancestors '$nonceHeader' 'self'");
header("Content-Security-Policy: default-src '$nonceHeader' 'self'; script-src '$nonceHeader' 'self' ; style-src '$nonceHeader' 'self'; img-src '$nonceHeader' 'self' data:; connect-src '$nonceHeader' 'self'; frame-src '$nonceHeader' 'self'; font-src '$nonceHeader' 'self'; media-src '$nonceHeader' 'self'; object-src '$nonceHeader' 'self'; manifest-src '$nonceHeader' 'self'; worker-src '$nonceHeader' 'self'; prefetch-src '$nonceHeader' 'self'; form-action '$nonceHeader' 'self'; frame-ancestors 'self'"); header("Content-Security-Policy: default-src '$nonceHeader' 'self'; script-src '$nonceHeader' 'self' ; style-src '$nonceHeader' 'self'; img-src '$nonceHeader' 'self' data:; connect-src '$nonceHeader' 'self'; frame-src '$nonceHeader' 'self'; font-src '$nonceHeader' 'self'; media-src '$nonceHeader' 'self'; object-src '$nonceHeader' 'self'; manifest-src '$nonceHeader' 'self'; worker-src '$nonceHeader' 'self'; prefetch-src '$nonceHeader' 'self'; form-action '$nonceHeader' 'self'; frame-ancestors 'self'");
if (!empty($_GET['a'])) { if (!empty($_GET['a'])) {

4
index.php
View File

@ -82,8 +82,8 @@
$app_current_pageicon = '<i class="fas fa-home"></i> '; $app_current_pageicon = '<i class="fas fa-home"></i> ';
require_once("inc/header.inc.php"); require_once("inc/header.inc.php");
$urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL)); $urlsrc=basename(filter_input(INPUT_SERVER, 'PHP_SELF', FILTER_SANITIZE_URL));
header("X-Frame-Options: SAMEORIGIN"); //header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff"); //header("X-Content-Type-Options: nosniff");
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false); //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
if (!empty($_GET['a'])) { if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>'; echo '<pre>' . print_r($_POST, true) . '</pre>';

4
signin.php
View File

@ -53,8 +53,8 @@
if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS
header('Location: index.php'); // ELSE HOME header('Location: index.php'); // ELSE HOME
} else { } else {
header("X-Frame-Options: SAMEORIGIN"); //header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff"); //header("X-Content-Type-Options: nosniff");
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false); //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
if (!empty($_GET['a'])) { if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>'; echo '<pre>' . print_r($_POST, true) . '</pre>';

4
signin_display.php
View File

@ -54,8 +54,8 @@
if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS
header('Location: index.php'); // ELSE HOME header('Location: index.php'); // ELSE HOME
} else { } else {
header("X-Frame-Options: SAMEORIGIN"); //header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff"); //header("X-Content-Type-Options: nosniff");
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false); //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
if (!empty($_GET['a'])) { if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>'; echo '<pre>' . print_r($_POST, true) . '</pre>';

4
signout.php
View File

@ -54,8 +54,8 @@
if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS if ($StaticFunctions->getSessionStatus() == true) { // CHECK STATUS
header('Location: index.php'); // ELSE HOME header('Location: index.php'); // ELSE HOME
} else { } else {
header("X-Frame-Options: SAMEORIGIN"); //header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff"); //header("X-Content-Type-Options: nosniff");
//header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false); //header("Content-Security-Policy: script-src 'self' 'unsafe-inline'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; font-src 'self'; media-src 'self'; object-src 'self'; manifest-src 'self'; worker-src 'self'; prefetch-src 'self'; form-action 'self'; frame-ancestors 'self'; default-src 'self'", false);
if (!empty($_GET['a'])) { if (!empty($_GET['a'])) {
echo '<pre>' . print_r($_POST, true) . '</pre>'; echo '<pre>' . print_r($_POST, true) . '</pre>';