Add Content Security Policy

author Jakub Vrana <jakub@vrana.cz>

Tue, 9 Jan 2018 17:10:38 +0000 (18:10 +0100)

committer Jakub Vrana <jakub@vrana.cz>

Thu, 11 Jan 2018 17:39:49 +0000 (18:39 +0100)
author Jakub Vrana <jakub@vrana.cz>
Tue, 9 Jan 2018 17:10:38 +0000 (18:10 +0100)
committer Jakub Vrana <jakub@vrana.cz>
Thu, 11 Jan 2018 17:39:49 +0000 (18:39 +0100)
diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php

index cd0563e5516cc50d9f5ce74bf979824915b29a0d..48212fc6381bc3f7b85f26b9df0f01a0c0c97660 100644 (file)
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -91,6 +91,7 @@ function page_headers() {
         header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
         header("X-Content-Type-Options: nosniff");
         header("Referrer-Policy: origin-when-cross-origin");
+       header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; frame-src https://www.adminer.org; form-action 'self'");
         $adminer->headers();
  }
  
diff --git a/changes.txt b/changes.txt

index 5ca548e8fc079c48d502c13e70828e90d785e8e5..d4da508a1232f2d57a593ea059704d64cfaade17 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,4 +1,5 @@
  Adminer 4.3.2-dev:
+Add Content Security Policy
  Add nosniff header
  PHP 7.1: Prevent warning when using empty limit
  MySQL: Remove dedicated view for replication status (added in 4.3.0)
author	Jakub Vrana <jakub@vrana.cz>
	Tue, 9 Jan 2018 17:10:38 +0000 (18:10 +0100)
committer	Jakub Vrana <jakub@vrana.cz>
	Thu, 11 Jan 2018 17:39:49 +0000 (18:39 +0100)
adminer/include/design.inc.php		patch \| blob \| history
changes.txt		patch \| blob \| history