block iframe embedding

protects against clickjacking attacks. I'm not sure if we have any data worth jacking (maybe the youtube form?) but we may in the future.
This commit is contained in:
Alex Grin 2020-09-04 13:04:00 -04:00 committed by GitHub
parent 9e1eb20e96
commit 443543dba9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -249,10 +249,10 @@ class Response
public static function setDefaultSecurityHeaders() public static function setDefaultSecurityHeaders()
{ {
$defaultHeaders = [ $defaultHeaders = [
//'Content-Security-Policy' => "frame-ancestors 'none'", 'Content-Security-Policy' => "frame-ancestors 'none'",
//'X-Frame-Options' => 'DENY', 'X-Frame-Options' => 'DENY',
'X-XSS-Protection' => '1', 'X-XSS-Protection' => '1',
]; ];
if (IS_PRODUCTION) { if (IS_PRODUCTION) {
$defaultHeaders['Strict-Transport-Security'] = 'max-age=31536000'; $defaultHeaders['Strict-Transport-Security'] = 'max-age=31536000';
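Review bot: Before landing this, confirm that no page in the app is legitimately loaded inside an iframe, because `'Content-Security-Policy' => "frame-ancestors 'none'"` and `'X-Frame-Options' => 'DENY'` refuse framing even from the site's own origin; if the YouTube form mentioned in the commit message, or any other view, is embedded by this site itself, `frame-ancestors 'self'` paired with `X-Frame-Options: SAMEORIGIN` keeps the clickjacking protection while allowing same-origin framing. Keeping both headers is the right call: `X-Frame-Options` is the fallback for browsers that do not implement CSP `frame-ancestors`, and where both are understood the CSP directive takes precedence. Separately, the unchanged `'X-XSS-Protection' => '1'` line is worth a follow-up: the value `1` enables the legacy browser XSS filter in sanitise mode, which current browsers have removed, and current guidance is to set it to `0` and rely on a full Content-Security-Policy (script-src and friends, not only frame-ancestors) for XSS defence.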