diff options
| author | J0WI <J0WI@users.noreply.github.com> | 2019-07-01 18:41:04 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-08-11 20:11:50 +0200 |
| commit | 3f2932c75a44feed4d10183fb7a286ed1b1e8ce4 (patch) | |
| tree | 8d16b560d9838430941f250d35fbb3f1ed65e57a | |
| parent | 76cbd7db6e69340cb53b8333f129373f3044bdc3 (diff) | |
| download | nextcloud-server-3f2932c75a44feed4d10183fb7a286ed1b1e8ce4.tar.gz nextcloud-server-3f2932c75a44feed4d10183fb7a286ed1b1e8ce4.zip | |
Sort headers
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
| -rw-r--r-- | .htaccess | 8 | ||||
| -rw-r--r-- | lib/private/legacy/response.php | 8 |
2 files changed, 8 insertions, 8 deletions
diff --git a/.htaccess b/.htaccess index ba9ec86081a..a81b6765267 100644 --- a/.htaccess +++ b/.htaccess @@ -11,13 +11,13 @@ <IfModule mod_env.c> # Add security and privacy related headers + Header set Referrer-Policy "no-referrer" Header set X-Content-Type-Options "nosniff" - Header set X-XSS-Protection "1; mode=block" - Header set X-Robots-Tag "none" Header set X-Download-Options "noopen" - Header set X-Permitted-Cross-Domain-Policies "none" - Header set Referrer-Policy "no-referrer" Header set X-Frame-Options "SAMEORIGIN" + Header set X-Permitted-Cross-Domain-Policies "none" + Header set X-Robots-Tag "none" + Header set X-XSS-Protection "1; mode=block" SetEnv modHeadersAvailable true </IfModule> diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php index 01c96c09222..73bafe70c3c 100644 --- a/lib/private/legacy/response.php +++ b/lib/private/legacy/response.php @@ -98,13 +98,13 @@ class OC_Response { // Send fallback headers for installations that don't have the possibility to send // custom headers on the webserver side if(getenv('modHeadersAvailable') !== 'true') { - header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters + header('Referrer-Policy: no-referrer'); // https://www.w3.org/TR/referrer-policy/ header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE - header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx - header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html - header('Referrer-Policy: no-referrer'); // https://www.w3.org/TR/referrer-policy/ header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains + header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html + header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag + header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters } } |