6cda96e3cf
This adds a CSP header for all media delivered through our fetch.php dispatcher. This should prevent any scripts etc. from being executed when scriptable media, like SVG, is used. Suggestions on fine-tuning the policy are welcome. The policy is added to the MEDIA_SENDFILE event, so plugins can easily influence it. The way it is passed as an array should make it easier to modify from plugins as well. I put the mechanism to send the header into its own class in the HTTP namespace. Additional methods from inc/httputils could be moved here later. The method might also be interesting for #2198 and #1676.

| File |
|---|
| DokuHTTPClient.php |
| HTTPClient.php |
| HTTPClientException.php |
| Headers.php |