HSTS header should be set on server side; not by application

This commit is contained in:
jelhan 2015-07-02 12:34:03 +02:00
parent 67cc41973f
commit d48395d059


@ -42,9 +42,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
// forbid browser to load javascript from an external location // forbid browser to load javascript from an external location
header("Content-Security-Policy: script-src 'self'"); header("Content-Security-Policy: script-src 'self'");
// strict transport security header
header("Strict-Transport-Security: max-age=31536000");
// prevent caching explicitly // prevent caching explicitly
header("Expires: -1"); header("Expires: -1");
} }
@ -55,9 +52,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
// forbid browser to load javascript from an external location // forbid browser to load javascript from an external location
header("Content-Security-Policy: script-src 'self'"); header("Content-Security-Policy: script-src 'self'");
// strict transport security header
header("Strict-Transport-Security: max-age=31536000");
// set content-type and charset // set content-type and charset
header('Content-Type: application/x-json-encrypted; charset=utf-8'); header('Content-Type: application/x-json-encrypted; charset=utf-8');
@ -100,9 +94,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
// set http header // set http header
header("HTTP/1.0 200 OK"); header("HTTP/1.0 200 OK");
// forbid browser to load javascript from an external location
header("Content-Security-Policy: script-src 'self'");
// strict transport security header // strict transport security header
header("Strict-Transport-Security: max-age=31536000"); header("Strict-Transport-Security: max-age=31536000");
@ -142,9 +133,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
// forbid browser to load javascript from an external location // forbid browser to load javascript from an external location
header("Content-Security-Policy: script-src 'self'"); header("Content-Security-Policy: script-src 'self'");
// strict transport security header
header("Strict-Transport-Security: max-age=31536000");
// prevent caching explicitly // prevent caching explicitly
header("Expires: -1"); header("Expires: -1");
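Review bot: The third hunk (old line 100) appears to drop the two Content-Security-Policy lines and keep the Strict-Transport-Security pair, the reverse of what the other three hunks and the commit title do; if that rendering is accurate, this response branch loses its script-src restriction while still emitting the HSTS header the commit intends to move to the web server. The page is lossy (every hunk header reports -9/+6 yet fewer lines are visible), so confirm against the raw diff before merging. Because the application no longer sends HSTS anywhere, a comment next to each remaining CSP header, `// Strict-Transport-Security is intentionally not set here; the web server configuration must send it`, would tell the next maintainer why it is absent, and the deployment notes should state the same requirement so an HTTPS deployment is not silently left without it. The enclosing switch on $_SERVER['REQUEST_METHOD'] starts and ends outside these hunks.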