Commit

Add Content Security Policy (CSP)
Udera committed Apr 15, 2017
1 parent 756fc7f commit e7b39af
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions vexim/config/httpheaders.php
Expand Up @@ -2,4 +2,5 @@
session_start();
header("Cache-control: private"); // IE6 hack to back forms + BACK button work
header("Content-Type: text/html; charset=utf-8");
if (isset($CSPenabled) && $CSPenabled === true) header("Content-Security-Policy: default-src 'self';");
?>
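Review bot: The policy string in the added `header(...)` line, `default-src 'self';`, blocks inline `<script>` and `<style>` blocks, `on*` event-handler attributes, `style=` attributes and `eval`, and nothing in this change shows the pages were checked for those, so turning the option on may break forms or styling. Consider sending `Content-Security-Policy-Report-Only` first, or confirming that all scripts and styles are served as same-origin files before enforcing. Note also that `default-src` is not a fallback for `form-action`, `frame-ancestors` or `base-uri`; if framing and form targets should be restricted as well, add those directives explicitly, for example `form-action 'self'; frame-ancestors 'self'; base-uri 'self'`. Style point: the one-line `if (...) header(...)` without braces is easy to misread; braces on separate lines would make the conditional clearer.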
4 changes: 4 additions & 0 deletions vexim/config/variables.php.example
Expand Up @@ -51,6 +51,10 @@
*/
$passwordstrengthcheck = 1;

/* Enable Content Security Policy (CSP) to prevent cross-site scripting
and other code-injection attacks. */
$CSPenabled = false;

/* The UID's and GID's control the default UID and GID for new domains
and if postmasters can define their own.
THE UID AND GID MUST BE NUMERIC! */
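Review bot: The new `$CSPenabled = false;` setting must be the boolean `true` to take effect, because httpheaders.php tests `$CSPenabled === true`, yet the option directly above it in this file uses an integer (`$passwordstrengthcheck = 1;`). An administrator who follows that convention and writes `$CSPenabled = 1;` gets no header and no error. Either state in the comment that the value must be `true`, or relax the check in httpheaders.php to a truthy test. The comment should also say which policy is sent (`default-src 'self'`) and that inline scripts and styles stop working under it, so the person enabling it knows what to test. Since the example ships with `false`, existing and new installs stay without the header until someone opts in; if that is intended for compatibility, say so in the comment.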