Changeset View
Changeset View
Standalone View
Standalone View
src/aphront/response/AphrontResponse.php
| Show First 20 Lines • Show All 148 Lines • ▼ Show 20 Lines | private function newContentSecurityPolicyHeader() { | ||||
| // Don't allow forms to submit offsite. | // Don't allow forms to submit offsite. | ||||
| // This can result in some trickiness with file downloads if applications | // This can result in some trickiness with file downloads if applications | ||||
| // try to start downloads by submitting a dialog. Redirect to the file's | // try to start downloads by submitting a dialog. Redirect to the file's | ||||
| // download URI instead of submitting a form to it. | // download URI instead of submitting a form to it. | ||||
| $csp[] = "form-action 'self'"; | $csp[] = "form-action 'self'"; | ||||
| // Block use of "<base>" to change the origin of relative URIs on the page. | |||||
| $csp[] = "base-uri 'none'"; | |||||
| $csp = implode('; ', $csp); | $csp = implode('; ', $csp); | ||||
| return $csp; | return $csp; | ||||
| } | } | ||||
| private function newContentSecurityPolicy($type, $defaults) { | private function newContentSecurityPolicy($type, $defaults) { | ||||
| if ($defaults === null) { | if ($defaults === null) { | ||||
| $sources = array(); | $sources = array(); | ||||
| ▲ Show 20 Lines • Show All 237 Lines • Show Last 20 Lines | |||||