anti-framing policy added with headers

This commit is contained in:
Milos Stojanovic
2021-09-27 10:14:36 +02:00
parent 8f1dfd9637
commit 63645f6e04
2 changed files with 7 additions and 0 deletions

View File

@@ -89,5 +89,11 @@ class Security implements Service
die;
}
}
if (empty($config['allow_insecure_overlays']) || !$config['allow_insecure_overlays']) {
$this->response->headers->set('X-Frame-Options', 'sameorigin');
$this->response->headers->set('Content-Security-Policy', 'frame-ancestors \'self\'');
}
}
}

View File

@@ -72,6 +72,7 @@ return [
'csrf_key' => "123456", // randomize this
'ip_allowlist' => [],
'ip_denylist' => [],
'allow_insecure_overlays' => false,
],
],
'Filegator\Services\View\ViewInterface' => [