src/aphront/response/AphrontResponse.php
Show First 20 Lines • Show All 148 Lines • ▼ Show 20 Lines | private function newContentSecurityPolicyHeader() { | ||||
// Don't allow forms to submit offsite. | // Don't allow forms to submit offsite. | ||||
// This can result in some trickiness with file downloads if applications | // This can result in some trickiness with file downloads if applications | ||||
// try to start downloads by submitting a dialog. Redirect to the file's | // try to start downloads by submitting a dialog. Redirect to the file's | ||||
// download URI instead of submitting a form to it. | // download URI instead of submitting a form to it. | ||||
$csp[] = "form-action 'self'"; | $csp[] = "form-action 'self'"; | ||||
// Block use of "<base>" to change the origin of relative URIs on the page. | |||||
$csp[] = "base-uri 'none'"; | |||||
$csp = implode('; ', $csp); | $csp = implode('; ', $csp); | ||||
return $csp; | return $csp; | ||||
} | } | ||||
private function newContentSecurityPolicy($type, $defaults) { | private function newContentSecurityPolicy($type, $defaults) { | ||||
if ($defaults === null) { | if ($defaults === null) { | ||||
$sources = array(); | $sources = array(); | ||||
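Review bot: The comment above `$csp[] = "base-uri 'none'";` (the two single-column lines, which appear to be the added ones) says what the directive blocks but not why it has to be listed explicitly. `base-uri` does not fall back to `default-src`, so a later cleanup that drops this line would silently leave `<base>` unrestricted. I would extend the comment to something like `// "base-uri" has no "default-src" fallback, so it must be set explicitly; 'none' also rejects same-origin <base> tags.` Choosing 'none' rather than 'self' means any page served with this header that legitimately emits a `<base>` element will have it ignored by the browser; nothing visible here shows such a use, but it is worth confirming. The body of newContentSecurityPolicyHeader() begins above the shown lines, so the other directives could not be checked.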