kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-14 08:11:20 +00:00
Code Issues Projects Releases Wiki Activity

Fixes #2338

Browse Source
This commit is contained in:
James Cole
2019-07-16 19:21:58 +02:00
parent a70b7cc7b9
commit 531161db09
2 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Http/Middleware/SecureHeaders.php
View File

@@ -36,7 +36,7 @@ class SecureHeaders
* Handle an incoming request. May not be a limited user (ie. Sandstorm env. or demo user).
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param \Closure $next
*
* @return mixed
*/
@@ -85,7 +85,11 @@ class SecureHeaders
if (false === $disableFrameHeader || null === $disableFrameHeader) {
$response->header('X-Frame-Options', 'deny');
}
$response->header('Content-Security-Policy', implode('; ', $csp));
// content security policy may be set elsewhere.
if (!$response->headers->has('Content-Security-Policy')) {
$response->header('Content-Security-Policy', implode('; ', $csp));
}
$response->header('X-XSS-Protection', '1; mode=block');
$response->header('X-Content-Type-Options', 'nosniff');
$response->header('Referrer-Policy', 'no-referrer');