From 8497e652f63c2f7724d9c9c4e870c7c1b5544249 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 13 Mar 2020 19:43:47 +0100
Subject: [PATCH 1/2] setting more http headers to improve security

---
 views/bootstrap/class.Bootstrap.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index b343d35cc..b97cc8f60 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -57,12 +57,17 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
 * Content-Security-Policy since version 23+
 * 'worker-src blob:' is needed for cytoscape
 */
- $csp_rules = "script-src 'self' 'unsafe-eval'; worker-src blob:;"; // style-src 'self';";
+ $csp_rules = "script-src 'self' 'unsafe-eval';";
+ $csp_rules .= "worker-src blob:;";
+ //$csp_rules .= "style-src 'self';";
+ /* Do not allow to embed myself into frames on foreigns pages */
+ $csp_rules .= "frame-ancestors 'self';";
 foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $csp) {
 header($csp . ": " . $csp_rules);
 }
 }
-// header('X-Content-Type-Options: nosniff');
+ header('X-Content-Type-Options: nosniff');
+ header('Strict-Transport-Security: max-age=15768000');
 if($httpheader) {
 foreach($httpheader as $name=>$value) {
 header($name . ": " . $value);

From e3cd35f004f55b2e86185d98cc81812eba4e1939 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Tue, 17 Mar 2020 17:39:32 +0100
Subject: [PATCH 2/2] add css span.list-details used by documentListRow()

---
 styles/bootstrap/application.css | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/styles/bootstrap/application.css b/styles/bootstrap/application.css
index 63b7e5651..b954dd931 100644
--- a/styles/bootstrap/application.css
+++ b/styles/bootstrap/application.css
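Review bot: The new `Strict-Transport-Security` header is emitted without checking the request scheme, so the hard-coded six-month max-age goes out on plain-HTTP responses as well; user agents must ignore it there, but sending it unconditionally from application code means an installation that is only partly reachable over TLS gets pinned to HTTPS for six months with no configuration opt-out. I would guard it, e.g. `if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { header('Strict-Transport-Security: max-age=15768000'); }`, or better route it through the `$httpheader` mechanism visible at the end of the hunk so the operator decides on HSTS and its lifetime. Separately, the new `frame-ancestors 'self'` directive predates nothing in the real `Content-Security-Policy` header, but the legacy `X-WebKit-CSP`/`X-Content-Security-Policy` variants the loop also sends date from before that directive existed and modern browsers ignore them entirely, so a `header('X-Frame-Options: SAMEORIGIN');` next to the nosniff line is a cheap fallback for clients without CSP2 support. The enclosing method starts before and ends after this hunk, and the CSP lines sit inside a conditional whose opening is outside the hunk, so I cannot tell from here what gates them.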
@@ -13,6 +13,12 @@ img.mimeicon { background-color: white; } +span.list-details { + font-size: 85%; + font-style: italic; + color: #666; +} + .list-action a { text-decoration: none; color: #333;