mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-18 22:50:19 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'MDL-68820-referrer-policy' of https://github.com/Peterburnett/moodle

Browse Source
This commit is contained in:
Andrew Nicols 2020-07-06 12:38:29 +08:00
commit e4faf5fede
3 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
admin/settings/security.php
View File

@ -160,6 +160,23 @@ if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
$temp->add(new admin_setting_configportlist('curlsecurityallowedport',
new lang_string('curlsecurityallowedport', 'admin'),
new lang_string('curlsecurityallowedportsyntax', 'admin'), ""));
// HTTP Header referrer policy settings.
$referreroptions = [
'default' => get_string('referrernone', 'admin'),
'no-referrer' => 'no-referrer',
'no-referrer-when-downgrade' => 'no-referrer-when-downgrade',
'origin' => 'origin',
'origin-when-cross-origin' => 'origin-when-cross-origin',
'same-origin' => 'same-origin',
'strict-origin' => 'strict-origin',
'strict-origin-when-cross-origin' => 'strict-origin-when-cross-origin',
'unsafe-url' => 'unsafe-url',
];
$temp->add(new admin_setting_configselect('referrerpolicy',
new lang_string('referrerpolicy', 'admin'),
new lang_string('referrerpolicydesc', 'admin'), 'default', $referreroptions));
$ADMIN->add('security', $temp);
// "notifications" settingpage

3
lang/en/admin.php
View File

@ -1070,6 +1070,9 @@ $string['purgeselectedcaches'] = 'Purge selected caches';
$string['purgeselectedcachesfinished'] = 'The selected caches were purged.';
$string['purgetemplates'] = 'Templates';
$string['purgethemecache'] = 'Themes';
$string['referrernone'] = 'Browser default';
$string['referrerpolicy'] = 'Referrer policy';
$string['referrerpolicydesc'] = 'Set the referrer policy header to be included with responses from your site.';
$string['restorecourse'] = 'Restore course';
$string['restorernewroleid'] = 'Restorers\' role in courses';
$string['restorernewroleid_help'] = 'If the user does not already have the permission to manage the newly restored course, the user is automatically assigned this role and enrolled if necessary. Select "None" if you do not want restorers to be able to manage every restored course.';

5
lib/weblib.php
View File

@ -2285,6 +2285,11 @@ function send_headers($contenttype, $cacheable = true) {
if (empty($CFG->allowframembedding) && !core_useragent::is_moodle_app()) {
@header('X-Frame-Options: sameorigin');
}
// If referrer policy is set, add a referrer header.
if (!empty($CFG->referrerpolicy) && ($CFG->referrerpolicy !== 'default')) {
@header('Referrer-Policy: ' . $CFG->referrerpolicy);
}
}
/**