Skip to content
Permalink
Browse files

Improve compatibility with FunkFeuer nginx https reverse proxy

  • Loading branch information...
decke committed Aug 27, 2019
1 parent 9d85433 commit 3afbbaa9901fc6b016815453d8bd51b335c6c2ee
Showing with 4 additions and 8 deletions.
  1. +0 −4 index.php
  2. +3 −3 lib/FunkFeuer/Nodeman/Session.php
  3. +1 −1 share/schema.sql
@@ -58,10 +58,6 @@
$response = $response->withHeader('Content-Security-Policy', "script-src 'strict-dynamic' 'nonce-".$globals['nonce']."' 'unsafe-inline' http: https:; object-src 'none'; font-src 'self'; base-uri 'none'; frame-ancestors 'none';");
}
if (!$response->hasHeader('X-Frame-Options')) {
$response = $response->withHeader('X-Frame-Options', 'DENY');
}
return $next($request, $response);
});
@@ -23,11 +23,11 @@ public function __construct()
public static function initialize()
{
// do not expose Cookie value to JavaScript (enforced by browser)
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_httponly', true);
if (Config::get('security.https_only') === true) {
if (Config::get('security.https_only') == true) {
// only send cookie over https
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_secure', true);
}
// prevent caching by sending no-cache header
@@ -110,7 +110,7 @@ CREATE INDEX linkdata_idx2 ON linkdata (toif);
---

INSERT INTO "config" VALUES('cache.directory', 'tmp/');
INSERT INTO "config" VALUES('security.https_only','false');
INSERT INTO "config" VALUES('security.https_only','true');
INSERT INTO "config" VALUES('title','FunkFeuer Graz');
INSERT INTO "config" VALUES('title.url','https://graz.funkfeuer.at/');

0 comments on commit 3afbbaa

Please sign in to comment.
You can’t perform that action at this time.