Encrypt fixes, add carnum options, remove debug lines

Josh North 2021-10-15 22:31:52 -04:00
parent 9340a49b67
commit 9cd8dc3031
6 changed files with 26 additions and 19 deletions


@ -1,2 +1,9 @@
RedirectMatch 404 /\.git
Header append X-FRAME-OPTIONS "SAMEORIGIN"
Header append X-Content-Type-Options "nosniff"
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
# Header always append X-Frame-Options SAMEORIGIN
Header always set Strict-Transport-Security "max-age=604800; includeSubDomains"
Header set X-Content-Type-Options nosniff
</IfModule>
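Review bot: The two `Header append` lines at the top sit outside the `<IfModule mod_headers.c>` guard, so the guard protects nothing: without mod_headers the request already fails on those lines, and with it the guard is redundant. As far as the rendered hunk shows, `X-Content-Type-Options` is now written by both an `append` and a `set`, and only the HSTS line uses `always`, so the other headers are missing from error responses. I would move every header inside the guard and use one form, e.g. `Header always set X-Frame-Options "SAMEORIGIN"` and `Header always set X-Content-Type-Options "nosniff"`. `X-XSS-Protection "1; mode=block"` is ignored by current browsers, so a Content-Security-Policy is the supported replacement, and the HSTS line only takes effect on responses served over HTTPS.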


@ -18,11 +18,11 @@
$app_disp_lang = filter_input(INPUT_POST, 'app_disp_lang', FILTER_SANITIZE_FULL_SPECIAL_CHARS); // GET SANITARY LANG CHOICE
// only works with new php?
// setcookie ( 'app_disp_lang', $app_disp_lang, [
// 'expires' => time() + 60*60*24*90,
// 'secure' => false,
// 'httponly' => false,
// 'samesite' => 'Lax',
//]);
setcookie ( 'app_disp_lang', $app_disp_lang, time() + 60*60*24*90); // SET SITE COOKIE
setcookie ( 'app_disp_lang', $app_disp_lang, [
'expires' => time() + 60*60*24*90,
'secure' => false,
'httponly' => true,
'samesite' => 'Strict',
]);
//setcookie ( 'app_disp_lang', $app_disp_lang, time() + 60*60*24*90); // SET SITE COOKIE
header('Location: index.php'); // GO HOME UNTIL WE ADD REFERER LOGIC
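Review bot: `'secure' => false` stays on the cookie written here, while this same commit starts sending Strict-Transport-Security, so the cookie can still travel over plain HTTP on any request made before the browser has seen the HSTS header. If the site is served over HTTPS, as the new header suggests, use `'secure' => true,`; the same applies to the `app_site` cookie and to both CSRF token cookies later in this commit. The options-array form of `setcookie()` needs PHP 7.3 or later, which answers the `// only works with new php?` comment and is worth stating there, since the project file in this commit is set to `PHP_72`. The script continues outside the hunk, so whether anything runs after the redirect cannot be seen here.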


@ -17,11 +17,11 @@
*/
$site = filter_input(INPUT_POST, 'site', FILTER_SANITIZE_STRING); // GET SANITARY SITE CHOICE
//setcookie ( 'app_site', $site, [
// 'expires' => time() + 60*60*24*90,
// 'secure' => false,
// 'httponly' => false,
// 'samesite' => 'Lax',
//]);
setcookie ( 'app_site', $site, time() + 60*60*24*90); // SET SITE COOKIE
setcookie ( 'app_site', $site, [
'expires' => time() + 60*60*24*90,
'secure' => false,
'httponly' => true,
'samesite' => 'Strict',
]);
//setcookie ( 'app_site', $site, time() + 60*60*24*90); // SET SITE COOKIE
header('Location: index.php'); // GO HOME UNTIL WE ADD REFERER LOGIC
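Review bot: `$site` goes into the cookie after `FILTER_SANITIZE_STRING` only, which strips tags but does not check that the value is a site the application knows, and that filter is deprecated as of PHP 8.1. `filter_input()` also returns `null` when the field is missing, and an empty value makes `setcookie()` delete the cookie rather than set it. I would validate before writing, along the lines of `if (!in_array($site, $knownSites, true)) { http_response_code(400); exit; }`, where `$knownSites` is a placeholder for wherever the site list lives. The language cookie in the previous file takes a free-form value in the same way and would benefit from the same check.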


@ -35,7 +35,7 @@ class csrf {
'expires' => $token->expiry,
'secure' => false,
'httponly' => false,
'samesite' => 'Lax',
'samesite' => 'Strict',
]);
return $_SESSION['csrftokens'][$page] = $token;
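Review bot: `'httponly' => false` is left unchanged in this `csrf` class, while the `Csrf` class later in the commit switches the same option to `true`, so the two token cookies now differ in whether page script can read them. If no script reads the token cookie, set `'httponly' => true,` here as well; if one does, a comment such as `// readable by JS: token is copied into the request` next to the option would record why. The method starts and ends outside the hunk, so how `$token->cookietoken` is produced is not visible here.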


@ -1,5 +1,5 @@
include.path=${php.global.include.path}
php.version=PHP_54
php.version=PHP_72
source.encoding=UTF-8
src.dir=.
tags.asp=false


@ -36,8 +36,8 @@ class Csrf
setcookie ( self::makeCookieName($page), $token->cookietoken, [
'expires' => $token->expiry,
'secure' => false,
'httponly' => false,
'samesite' => 'Lax',
'httponly' => true,
'samesite' => 'Strict',
]);
return $_SESSION['csrftokens'][$page] = $token;