@@ -45,22 +45,22 @@ |
||
| 45 | 45 | */ |
| 46 | 46 | class Response { |
| 47 | 47 | |
| 48 | - /** |
|
| 49 | - * Sets the content disposition header (with possible workarounds) |
|
| 50 | - * @param string $filename file name |
|
| 51 | - * @param string $type disposition type, either 'attachment' or 'inline' |
|
| 52 | - * @since 7.0.0 |
|
| 53 | - */ |
|
| 54 | - static public function setContentDispositionHeader( $filename, $type = 'attachment' ) { |
|
| 55 | - \OC_Response::setContentDispositionHeader( $filename, $type ); |
|
| 56 | - } |
|
| 48 | + /** |
|
| 49 | + * Sets the content disposition header (with possible workarounds) |
|
| 50 | + * @param string $filename file name |
|
| 51 | + * @param string $type disposition type, either 'attachment' or 'inline' |
|
| 52 | + * @since 7.0.0 |
|
| 53 | + */ |
|
| 54 | + static public function setContentDispositionHeader( $filename, $type = 'attachment' ) { |
|
| 55 | + \OC_Response::setContentDispositionHeader( $filename, $type ); |
|
| 56 | + } |
|
| 57 | 57 | |
| 58 | - /** |
|
| 59 | - * Sets the content length header (with possible workarounds) |
|
| 60 | - * @param string|int|float $length Length to be sent |
|
| 61 | - * @since 8.1.0 |
|
| 62 | - */ |
|
| 63 | - static public function setContentLengthHeader($length) { |
|
| 64 | - \OC_Response::setContentLengthHeader($length); |
|
| 65 | - } |
|
| 58 | + /** |
|
| 59 | + * Sets the content length header (with possible workarounds) |
|
| 60 | + * @param string|int|float $length Length to be sent |
|
| 61 | + * @since 8.1.0 |
|
| 62 | + */ |
|
| 63 | + static public function setContentLengthHeader($length) { |
|
| 64 | + \OC_Response::setContentLengthHeader($length); |
|
| 65 | + } |
|
| 66 | 66 | } |
@@ -51,8 +51,8 @@ |
||
| 51 | 51 | * @param string $type disposition type, either 'attachment' or 'inline' |
| 52 | 52 | * @since 7.0.0 |
| 53 | 53 | */ |
| 54 | - static public function setContentDispositionHeader( $filename, $type = 'attachment' ) { |
|
| 55 | - \OC_Response::setContentDispositionHeader( $filename, $type ); |
|
| 54 | + static public function setContentDispositionHeader($filename, $type = 'attachment') { |
|
| 55 | + \OC_Response::setContentDispositionHeader($filename, $type); |
|
| 56 | 56 | } |
| 57 | 57 | |
| 58 | 58 | /** |
@@ -28,16 +28,16 @@ |
||
| 28 | 28 | $route = isset($_GET['download']) ? 'files_sharing.sharecontroller.downloadShare' : 'files_sharing.sharecontroller.showShare'; |
| 29 | 29 | |
| 30 | 30 | if($token !== '') { |
| 31 | - $protocol = \OC::$server->getRequest()->getHttpProtocol(); |
|
| 32 | - if ($protocol == 'HTTP/1.0') { |
|
| 33 | - $status = '302 Found'; |
|
| 34 | - } else { |
|
| 35 | - $status = '307 Temporary Redirect'; |
|
| 36 | - } |
|
| 37 | - header($protocol.' ' . $status); |
|
| 38 | - header('Location: ' . $urlGenerator->linkToRoute($route, array('token' => $token))); |
|
| 31 | + $protocol = \OC::$server->getRequest()->getHttpProtocol(); |
|
| 32 | + if ($protocol == 'HTTP/1.0') { |
|
| 33 | + $status = '302 Found'; |
|
| 34 | + } else { |
|
| 35 | + $status = '307 Temporary Redirect'; |
|
| 36 | + } |
|
| 37 | + header($protocol.' ' . $status); |
|
| 38 | + header('Location: ' . $urlGenerator->linkToRoute($route, array('token' => $token))); |
|
| 39 | 39 | } else { |
| 40 | - header('HTTP/1.0 404 Not Found'); |
|
| 41 | - $tmpl = new OCP\Template('', '404', 'guest'); |
|
| 42 | - print_unescaped($tmpl->fetchPage()); |
|
| 40 | + header('HTTP/1.0 404 Not Found'); |
|
| 41 | + $tmpl = new OCP\Template('', '404', 'guest'); |
|
| 42 | + print_unescaped($tmpl->fetchPage()); |
|
| 43 | 43 | } |
@@ -27,15 +27,15 @@ |
||
| 27 | 27 | $token = isset($_GET['t']) ? $_GET['t'] : ''; |
| 28 | 28 | $route = isset($_GET['download']) ? 'files_sharing.sharecontroller.downloadShare' : 'files_sharing.sharecontroller.showShare'; |
| 29 | 29 | |
| 30 | -if($token !== '') { |
|
| 30 | +if ($token !== '') { |
|
| 31 | 31 | $protocol = \OC::$server->getRequest()->getHttpProtocol(); |
| 32 | 32 | if ($protocol == 'HTTP/1.0') { |
| 33 | 33 | $status = '302 Found'; |
| 34 | 34 | } else { |
| 35 | 35 | $status = '307 Temporary Redirect'; |
| 36 | 36 | } |
| 37 | - header($protocol.' ' . $status); |
|
| 38 | - header('Location: ' . $urlGenerator->linkToRoute($route, array('token' => $token))); |
|
| 37 | + header($protocol.' '.$status); |
|
| 38 | + header('Location: '.$urlGenerator->linkToRoute($route, array('token' => $token))); |
|
| 39 | 39 | } else { |
| 40 | 40 | header('HTTP/1.0 404 Not Found'); |
| 41 | 41 | $tmpl = new OCP\Template('', '404', 'guest'); |
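Review bot: `$token` at line 27 is taken from `$_GET['t']` without a type check, so a request carrying `t[]=x` produces an array that passes `$token !== ''` and is handed to `linkToRoute()`. Using `$token = isset($_GET['t']) && is_string($_GET['t']) ? $_GET['t'] : '';` would send such requests to the 404 branch instead. Separately, lines 31–37 duplicate the HTTP/1.0 fallback that `OC_Response::setStatus()` implements, and line 40 hard-codes `HTTP/1.0`. Calling `\OC_Response::setStatus(\OC_Response::STATUS_TEMPORARY_REDIRECT);` and `\OC_Response::setStatus(\OC_Response::STATUS_NOT_FOUND);` would keep a single copy of that logic. The else branch continues past the end of this hunk.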
@@ -31,123 +31,123 @@ |
||
| 31 | 31 | */ |
| 32 | 32 | |
| 33 | 33 | class OC_Response { |
| 34 | - const STATUS_FOUND = 302; |
|
| 35 | - const STATUS_NOT_MODIFIED = 304; |
|
| 36 | - const STATUS_TEMPORARY_REDIRECT = 307; |
|
| 37 | - const STATUS_BAD_REQUEST = 400; |
|
| 38 | - const STATUS_FORBIDDEN = 403; |
|
| 39 | - const STATUS_NOT_FOUND = 404; |
|
| 40 | - const STATUS_INTERNAL_SERVER_ERROR = 500; |
|
| 41 | - const STATUS_SERVICE_UNAVAILABLE = 503; |
|
| 34 | + const STATUS_FOUND = 302; |
|
| 35 | + const STATUS_NOT_MODIFIED = 304; |
|
| 36 | + const STATUS_TEMPORARY_REDIRECT = 307; |
|
| 37 | + const STATUS_BAD_REQUEST = 400; |
|
| 38 | + const STATUS_FORBIDDEN = 403; |
|
| 39 | + const STATUS_NOT_FOUND = 404; |
|
| 40 | + const STATUS_INTERNAL_SERVER_ERROR = 500; |
|
| 41 | + const STATUS_SERVICE_UNAVAILABLE = 503; |
|
| 42 | 42 | |
| 43 | - /** |
|
| 44 | - * Set response status |
|
| 45 | - * @param int $status a HTTP status code, see also the STATUS constants |
|
| 46 | - */ |
|
| 47 | - static public function setStatus($status) { |
|
| 48 | - $protocol = \OC::$server->getRequest()->getHttpProtocol(); |
|
| 49 | - switch($status) { |
|
| 50 | - case self::STATUS_NOT_MODIFIED: |
|
| 51 | - $status = $status . ' Not Modified'; |
|
| 52 | - break; |
|
| 53 | - case self::STATUS_TEMPORARY_REDIRECT: |
|
| 54 | - if ($protocol == 'HTTP/1.0') { |
|
| 55 | - $status = self::STATUS_FOUND; |
|
| 56 | - // fallthrough |
|
| 57 | - } else { |
|
| 58 | - $status = $status . ' Temporary Redirect'; |
|
| 59 | - break; |
|
| 60 | - } |
|
| 61 | - case self::STATUS_FOUND; |
|
| 62 | - $status = $status . ' Found'; |
|
| 63 | - break; |
|
| 64 | - case self::STATUS_NOT_FOUND; |
|
| 65 | - $status = $status . ' Not Found'; |
|
| 66 | - break; |
|
| 67 | - case self::STATUS_INTERNAL_SERVER_ERROR; |
|
| 68 | - $status = $status . ' Internal Server Error'; |
|
| 69 | - break; |
|
| 70 | - case self::STATUS_SERVICE_UNAVAILABLE; |
|
| 71 | - $status = $status . ' Service Unavailable'; |
|
| 72 | - break; |
|
| 73 | - } |
|
| 74 | - header($protocol.' '.$status); |
|
| 75 | - } |
|
| 43 | + /** |
|
| 44 | + * Set response status |
|
| 45 | + * @param int $status a HTTP status code, see also the STATUS constants |
|
| 46 | + */ |
|
| 47 | + static public function setStatus($status) { |
|
| 48 | + $protocol = \OC::$server->getRequest()->getHttpProtocol(); |
|
| 49 | + switch($status) { |
|
| 50 | + case self::STATUS_NOT_MODIFIED: |
|
| 51 | + $status = $status . ' Not Modified'; |
|
| 52 | + break; |
|
| 53 | + case self::STATUS_TEMPORARY_REDIRECT: |
|
| 54 | + if ($protocol == 'HTTP/1.0') { |
|
| 55 | + $status = self::STATUS_FOUND; |
|
| 56 | + // fallthrough |
|
| 57 | + } else { |
|
| 58 | + $status = $status . ' Temporary Redirect'; |
|
| 59 | + break; |
|
| 60 | + } |
|
| 61 | + case self::STATUS_FOUND; |
|
| 62 | + $status = $status . ' Found'; |
|
| 63 | + break; |
|
| 64 | + case self::STATUS_NOT_FOUND; |
|
| 65 | + $status = $status . ' Not Found'; |
|
| 66 | + break; |
|
| 67 | + case self::STATUS_INTERNAL_SERVER_ERROR; |
|
| 68 | + $status = $status . ' Internal Server Error'; |
|
| 69 | + break; |
|
| 70 | + case self::STATUS_SERVICE_UNAVAILABLE; |
|
| 71 | + $status = $status . ' Service Unavailable'; |
|
| 72 | + break; |
|
| 73 | + } |
|
| 74 | + header($protocol.' '.$status); |
|
| 75 | + } |
|
| 76 | 76 | |
| 77 | - /** |
|
| 78 | - * Sets the content disposition header (with possible workarounds) |
|
| 79 | - * @param string $filename file name |
|
| 80 | - * @param string $type disposition type, either 'attachment' or 'inline' |
|
| 81 | - */ |
|
| 82 | - static public function setContentDispositionHeader( $filename, $type = 'attachment' ) { |
|
| 83 | - if (\OC::$server->getRequest()->isUserAgent( |
|
| 84 | - [ |
|
| 85 | - \OC\AppFramework\Http\Request::USER_AGENT_IE, |
|
| 86 | - \OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME, |
|
| 87 | - \OC\AppFramework\Http\Request::USER_AGENT_FREEBOX, |
|
| 88 | - ])) { |
|
| 89 | - header( 'Content-Disposition: ' . rawurlencode($type) . '; filename="' . rawurlencode( $filename ) . '"' ); |
|
| 90 | - } else { |
|
| 91 | - header( 'Content-Disposition: ' . rawurlencode($type) . '; filename*=UTF-8\'\'' . rawurlencode( $filename ) |
|
| 92 | - . '; filename="' . rawurlencode( $filename ) . '"' ); |
|
| 93 | - } |
|
| 94 | - } |
|
| 77 | + /** |
|
| 78 | + * Sets the content disposition header (with possible workarounds) |
|
| 79 | + * @param string $filename file name |
|
| 80 | + * @param string $type disposition type, either 'attachment' or 'inline' |
|
| 81 | + */ |
|
| 82 | + static public function setContentDispositionHeader( $filename, $type = 'attachment' ) { |
|
| 83 | + if (\OC::$server->getRequest()->isUserAgent( |
|
| 84 | + [ |
|
| 85 | + \OC\AppFramework\Http\Request::USER_AGENT_IE, |
|
| 86 | + \OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME, |
|
| 87 | + \OC\AppFramework\Http\Request::USER_AGENT_FREEBOX, |
|
| 88 | + ])) { |
|
| 89 | + header( 'Content-Disposition: ' . rawurlencode($type) . '; filename="' . rawurlencode( $filename ) . '"' ); |
|
| 90 | + } else { |
|
| 91 | + header( 'Content-Disposition: ' . rawurlencode($type) . '; filename*=UTF-8\'\'' . rawurlencode( $filename ) |
|
| 92 | + . '; filename="' . rawurlencode( $filename ) . '"' ); |
|
| 93 | + } |
|
| 94 | + } |
|
| 95 | 95 | |
| 96 | - /** |
|
| 97 | - * Sets the content length header (with possible workarounds) |
|
| 98 | - * @param string|int|float $length Length to be sent |
|
| 99 | - */ |
|
| 100 | - static public function setContentLengthHeader($length) { |
|
| 101 | - if (PHP_INT_SIZE === 4) { |
|
| 102 | - if ($length > PHP_INT_MAX && stripos(PHP_SAPI, 'apache') === 0) { |
|
| 103 | - // Apache PHP SAPI casts Content-Length headers to PHP integers. |
|
| 104 | - // This enforces a limit of PHP_INT_MAX (2147483647 on 32-bit |
|
| 105 | - // platforms). So, if the length is greater than PHP_INT_MAX, |
|
| 106 | - // we just do not send a Content-Length header to prevent |
|
| 107 | - // bodies from being received incompletely. |
|
| 108 | - return; |
|
| 109 | - } |
|
| 110 | - // Convert signed integer or float to unsigned base-10 string. |
|
| 111 | - $lfh = new \OC\LargeFileHelper; |
|
| 112 | - $length = $lfh->formatUnsignedInteger($length); |
|
| 113 | - } |
|
| 114 | - header('Content-Length: '.$length); |
|
| 115 | - } |
|
| 96 | + /** |
|
| 97 | + * Sets the content length header (with possible workarounds) |
|
| 98 | + * @param string|int|float $length Length to be sent |
|
| 99 | + */ |
|
| 100 | + static public function setContentLengthHeader($length) { |
|
| 101 | + if (PHP_INT_SIZE === 4) { |
|
| 102 | + if ($length > PHP_INT_MAX && stripos(PHP_SAPI, 'apache') === 0) { |
|
| 103 | + // Apache PHP SAPI casts Content-Length headers to PHP integers. |
|
| 104 | + // This enforces a limit of PHP_INT_MAX (2147483647 on 32-bit |
|
| 105 | + // platforms). So, if the length is greater than PHP_INT_MAX, |
|
| 106 | + // we just do not send a Content-Length header to prevent |
|
| 107 | + // bodies from being received incompletely. |
|
| 108 | + return; |
|
| 109 | + } |
|
| 110 | + // Convert signed integer or float to unsigned base-10 string. |
|
| 111 | + $lfh = new \OC\LargeFileHelper; |
|
| 112 | + $length = $lfh->formatUnsignedInteger($length); |
|
| 113 | + } |
|
| 114 | + header('Content-Length: '.$length); |
|
| 115 | + } |
|
| 116 | 116 | |
| 117 | - /** |
|
| 118 | - * This function adds some security related headers to all requests served via base.php |
|
| 119 | - * The implementation of this function has to happen here to ensure that all third-party |
|
| 120 | - * components (e.g. SabreDAV) also benefit from this headers. |
|
| 121 | - */ |
|
| 122 | - public static function addSecurityHeaders() { |
|
| 123 | - /** |
|
| 124 | - * FIXME: Content Security Policy for legacy ownCloud components. This |
|
| 125 | - * can be removed once \OCP\AppFramework\Http\Response from the AppFramework |
|
| 126 | - * is used everywhere. |
|
| 127 | - * @see \OCP\AppFramework\Http\Response::getHeaders |
|
| 128 | - */ |
|
| 129 | - $policy = 'default-src \'self\'; ' |
|
| 130 | - . 'script-src \'self\' \'unsafe-eval\' \'nonce-'.\OC::$server->getContentSecurityPolicyNonceManager()->getNonce().'\'; ' |
|
| 131 | - . 'style-src \'self\' \'unsafe-inline\'; ' |
|
| 132 | - . 'frame-src *; ' |
|
| 133 | - . 'img-src * data: blob:; ' |
|
| 134 | - . 'font-src \'self\' data:; ' |
|
| 135 | - . 'media-src *; ' |
|
| 136 | - . 'connect-src *; ' |
|
| 137 | - . 'object-src \'none\'; ' |
|
| 138 | - . 'base-uri \'self\'; '; |
|
| 139 | - header('Content-Security-Policy:' . $policy); |
|
| 140 | - header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains |
|
| 117 | + /** |
|
| 118 | + * This function adds some security related headers to all requests served via base.php |
|
| 119 | + * The implementation of this function has to happen here to ensure that all third-party |
|
| 120 | + * components (e.g. SabreDAV) also benefit from this headers. |
|
| 121 | + */ |
|
| 122 | + public static function addSecurityHeaders() { |
|
| 123 | + /** |
|
| 124 | + * FIXME: Content Security Policy for legacy ownCloud components. This |
|
| 125 | + * can be removed once \OCP\AppFramework\Http\Response from the AppFramework |
|
| 126 | + * is used everywhere. |
|
| 127 | + * @see \OCP\AppFramework\Http\Response::getHeaders |
|
| 128 | + */ |
|
| 129 | + $policy = 'default-src \'self\'; ' |
|
| 130 | + . 'script-src \'self\' \'unsafe-eval\' \'nonce-'.\OC::$server->getContentSecurityPolicyNonceManager()->getNonce().'\'; ' |
|
| 131 | + . 'style-src \'self\' \'unsafe-inline\'; ' |
|
| 132 | + . 'frame-src *; ' |
|
| 133 | + . 'img-src * data: blob:; ' |
|
| 134 | + . 'font-src \'self\' data:; ' |
|
| 135 | + . 'media-src *; ' |
|
| 136 | + . 'connect-src *; ' |
|
| 137 | + . 'object-src \'none\'; ' |
|
| 138 | + . 'base-uri \'self\'; '; |
|
| 139 | + header('Content-Security-Policy:' . $policy); |
|
| 140 | + header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains |
|
| 141 | 141 | |
| 142 | - // Send fallback headers for installations that don't have the possibility to send |
|
| 143 | - // custom headers on the webserver side |
|
| 144 | - if(getenv('modHeadersAvailable') !== 'true') { |
|
| 145 | - header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters |
|
| 146 | - header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE |
|
| 147 | - header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag |
|
| 148 | - header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx |
|
| 149 | - header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html |
|
| 150 | - } |
|
| 151 | - } |
|
| 142 | + // Send fallback headers for installations that don't have the possibility to send |
|
| 143 | + // custom headers on the webserver side |
|
| 144 | + if(getenv('modHeadersAvailable') !== 'true') { |
|
| 145 | + header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters |
|
| 146 | + header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE |
|
| 147 | + header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag |
|
| 148 | + header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx |
|
| 149 | + header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html |
|
| 150 | + } |
|
| 151 | + } |
|
| 152 | 152 | |
| 153 | 153 | } |
@@ -46,29 +46,29 @@ discard block |
||
| 46 | 46 | */ |
| 47 | 47 | static public function setStatus($status) { |
| 48 | 48 | $protocol = \OC::$server->getRequest()->getHttpProtocol(); |
| 49 | - switch($status) { |
|
| 49 | + switch ($status) { |
|
| 50 | 50 | case self::STATUS_NOT_MODIFIED: |
| 51 | - $status = $status . ' Not Modified'; |
|
| 51 | + $status = $status.' Not Modified'; |
|
| 52 | 52 | break; |
| 53 | 53 | case self::STATUS_TEMPORARY_REDIRECT: |
| 54 | 54 | if ($protocol == 'HTTP/1.0') { |
| 55 | 55 | $status = self::STATUS_FOUND; |
| 56 | 56 | // fallthrough |
| 57 | 57 | } else { |
| 58 | - $status = $status . ' Temporary Redirect'; |
|
| 58 | + $status = $status.' Temporary Redirect'; |
|
| 59 | 59 | break; |
| 60 | 60 | } |
| 61 | 61 | case self::STATUS_FOUND; |
| 62 | - $status = $status . ' Found'; |
|
| 62 | + $status = $status.' Found'; |
|
| 63 | 63 | break; |
| 64 | 64 | case self::STATUS_NOT_FOUND; |
| 65 | - $status = $status . ' Not Found'; |
|
| 65 | + $status = $status.' Not Found'; |
|
| 66 | 66 | break; |
| 67 | 67 | case self::STATUS_INTERNAL_SERVER_ERROR; |
| 68 | - $status = $status . ' Internal Server Error'; |
|
| 68 | + $status = $status.' Internal Server Error'; |
|
| 69 | 69 | break; |
| 70 | 70 | case self::STATUS_SERVICE_UNAVAILABLE; |
| 71 | - $status = $status . ' Service Unavailable'; |
|
| 71 | + $status = $status.' Service Unavailable'; |
|
| 72 | 72 | break; |
| 73 | 73 | } |
| 74 | 74 | header($protocol.' '.$status); |
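Review bot: The switch has no case for `STATUS_BAD_REQUEST` or `STATUS_FORBIDDEN`, both declared on the class, and no `default`, so for those codes (and any other integer) the status line is sent as a bare number with no reason phrase. Adding `case self::STATUS_BAD_REQUEST: $status = $status.' Bad Request'; break;` and a matching `' Forbidden'` case would make every declared constant behave alike. The labels at lines 61, 64, 67 and 70 end in `;` rather than `:`, which PHP accepts but which reads like a typo next to lines 50 and 53; `case self::STATUS_FOUND:` is the conventional form. The closing brace of setStatus lies outside this hunk.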
@@ -79,17 +79,17 @@ discard block |
||
| 79 | 79 | * @param string $filename file name |
| 80 | 80 | * @param string $type disposition type, either 'attachment' or 'inline' |
| 81 | 81 | */ |
| 82 | - static public function setContentDispositionHeader( $filename, $type = 'attachment' ) { |
|
| 82 | + static public function setContentDispositionHeader($filename, $type = 'attachment') { |
|
| 83 | 83 | if (\OC::$server->getRequest()->isUserAgent( |
| 84 | 84 | [ |
| 85 | 85 | \OC\AppFramework\Http\Request::USER_AGENT_IE, |
| 86 | 86 | \OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME, |
| 87 | 87 | \OC\AppFramework\Http\Request::USER_AGENT_FREEBOX, |
| 88 | 88 | ])) { |
| 89 | - header( 'Content-Disposition: ' . rawurlencode($type) . '; filename="' . rawurlencode( $filename ) . '"' ); |
|
| 89 | + header('Content-Disposition: '.rawurlencode($type).'; filename="'.rawurlencode($filename).'"'); |
|
| 90 | 90 | } else { |
| 91 | - header( 'Content-Disposition: ' . rawurlencode($type) . '; filename*=UTF-8\'\'' . rawurlencode( $filename ) |
|
| 92 | - . '; filename="' . rawurlencode( $filename ) . '"' ); |
|
| 91 | + header('Content-Disposition: '.rawurlencode($type).'; filename*=UTF-8\'\''.rawurlencode($filename) |
|
| 92 | + . '; filename="'.rawurlencode($filename).'"'); |
|
| 93 | 93 | } |
| 94 | 94 | } |
| 95 | 95 | |
@@ -136,12 +136,12 @@ discard block |
||
| 136 | 136 | . 'connect-src *; ' |
| 137 | 137 | . 'object-src \'none\'; ' |
| 138 | 138 | . 'base-uri \'self\'; '; |
| 139 | - header('Content-Security-Policy:' . $policy); |
|
| 139 | + header('Content-Security-Policy:'.$policy); |
|
| 140 | 140 | header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains |
| 141 | 141 | |
| 142 | 142 | // Send fallback headers for installations that don't have the possibility to send |
| 143 | 143 | // custom headers on the webserver side |
| 144 | - if(getenv('modHeadersAvailable') !== 'true') { |
|
| 144 | + if (getenv('modHeadersAvailable') !== 'true') { |
|
| 145 | 145 | header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters |
| 146 | 146 | header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE |
| 147 | 147 | header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag |
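Review bot: Framing is restricted only through `X-Frame-Options: SAMEORIGIN` at line 140; the policy string built above it has no `frame-ancestors` directive, which is the CSP mechanism that supersedes that header in current browsers. Appending `. 'frame-ancestors \'self\'; '` after the `base-uri` part at line 138 would state the same restriction in the policy itself. The `script-src` part at line 130 (outside this hunk) still carries `'unsafe-eval'` next to the nonce, and `connect-src *` at line 136 is fully open; the FIXME says the policy exists for legacy components, but a comment naming what still needs eval would make it easier to tighten later. The `nosniff` and related headers from line 145 on are skipped when `modHeadersAvailable` is `true`, so they depend on the web server configuration actually sending them. addSecurityHeaders starts before and ends after this hunk.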