The CSP header is applied on a per-page basis; for AJAX responses, the policy of the context that performed the fetch applies

jelhan 2015-07-02 12:53:36 +02:00
parent d48395d059
commit eb24c47e6a


@ -38,9 +38,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
// set http header
header("HTTP/1.0 404 Not Found");
// forbid browser to load javascript from an external location
header("Content-Security-Policy: script-src 'self'");
// prevent caching explicitly
header("Expires: -1");
@ -49,9 +46,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
// set http header
header("HTTP/1.0 200 OK");
// forbid browser to load javascript from an external location
header("Content-Security-Policy: script-src 'self'");
// set content-type and charset
header('Content-Type: application/x-json-encrypted; charset=utf-8');
@ -94,9 +88,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
// set http header
header("HTTP/1.0 200 OK");
// strict transport security header
header("Strict-Transport-Security: max-age=31536000");
// set content-type and charset
header('Content-Type: application/x-json-encrypted; charset=utf-8');
@ -129,9 +120,6 @@ switch ($_SERVER['REQUEST_METHOD']) {
default:
// set http header
header("HTTP/1.0 400 Bad Request");
// forbid browser to load javascript from an external location
header("Content-Security-Policy: script-src 'self'");
// prevent caching explicitly
header("Expires: -1");
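Review bot: The 404 and 400 branches (first and last hunks) show no explicit Content-Type, so if PHP's default `text/html` applies there, dropping the CSP leaves a directly navigated error response as a document with no policy at all; the commit message's reasoning only covers responses consumed through AJAX. A cheap safeguard is to send `header("Content-Security-Policy: default-src 'none'");` and `header("X-Content-Type-Options: nosniff");` once before the `switch`, and to give the error branches a non-HTML Content-Type. The third hunk contains no CSP line, so the lines removed there appear to be the `Strict-Transport-Security` pair; the +/- markers are lost on this page, so this is inferred. If so, that removal is not covered by the commit message, and it is worth confirming that HSTS is still sent by another HTTPS response on the same host. The `switch` body starts and ends outside the visible hunks.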