Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

2025-05-16 22:51:32 +00:00 · 2020-03-18 18:17:33 +01:00 · 2020-03-18 18:17:33 +01:00 · 2c53286943
commit 2c53286943
parent f21ce1f2ed e3cd35f004
2 changed files with 13 additions and 2 deletions
--- a/styles/bootstrap/application.css
+++ b/styles/bootstrap/application.css
@ -13,6 +13,12 @@ img.mimeicon {
 	background-color: white;
 }

+span.list-details {
+	font-size: 85%;
+	font-style: italic;
+	color: #666;
+}
+
 .list-action a {
 	text-decoration: none;
 	color: #333;
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@ -57,12 +57,17 @@ class SeedDMS_Bootstrap_Style extends SeedDMS_View_Common {
 			 * Content-Security-Policy since version 23+
 			 * 'worker-src blob:' is needed for cytoscape
 			 */
-			$csp_rules = "script-src 'self' 'unsafe-eval'; worker-src blob:;"; // style-src 'self';";
+			$csp_rules = "script-src 'self' 'unsafe-eval';";
+			$csp_rules .= "worker-src blob:;";
+			//$csp_rules .= "style-src 'self';";
+			/* Do not allow to embed myself into frames on foreigns pages */
+			$csp_rules .= "frame-ancestors 'self';";
 			foreach (array("X-WebKit-CSP", "X-Content-Security-Policy", "Content-Security-Policy") as $csp) {
 				header($csp . ": " . $csp_rules);
 			}
 		}
-//		header('X-Content-Type-Options: nosniff');
+		header('X-Content-Type-Options: nosniff');
+		header('Strict-Transport-Security: max-age=15768000');
 		if($httpheader) {
 			foreach($httpheader as $name=>$value) {
 				header($name . ": " . $value);