aboutsummaryrefslogtreecommitdiffstats
path: root/apps/settings/lib/SetupChecks/SecurityHeaders.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/settings/lib/SetupChecks/SecurityHeaders.php')
-rw-r--r--apps/settings/lib/SetupChecks/SecurityHeaders.php16
1 files changed, 8 insertions, 8 deletions
diff --git a/apps/settings/lib/SetupChecks/SecurityHeaders.php b/apps/settings/lib/SetupChecks/SecurityHeaders.php
index b85ab9b4018..ed4e56218da 100644
--- a/apps/settings/lib/SetupChecks/SecurityHeaders.php
+++ b/apps/settings/lib/SetupChecks/SecurityHeaders.php
@@ -65,16 +65,16 @@ class SecurityHeaders implements ISetupCheck {
$value = preg_replace('/,\s+/', ',', strtolower($response->getHeader($header)));
if ($value !== $expected) {
if ($accepted !== null && $value === $accepted) {
- $msg .= $this->l10n->t('- The `%1$s` HTTP header is not set to `%2$s`. Some features might not work correctly, as it is recommended to adjust this setting accordingly.', [$header, $expected])."\n";
+ $msg .= $this->l10n->t('- The `%1$s` HTTP header is not set to `%2$s`. Some features might not work correctly, as it is recommended to adjust this setting accordingly.', [$header, $expected]) . "\n";
} else {
- $msg .= $this->l10n->t('- The `%1$s` HTTP header is not set to `%2$s`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', [$header, $expected])."\n";
+ $msg .= $this->l10n->t('- The `%1$s` HTTP header is not set to `%2$s`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', [$header, $expected]) . "\n";
}
}
}
$xssFields = array_map('trim', explode(';', $response->getHeader('X-XSS-Protection')));
if (!in_array('1', $xssFields) || !in_array('mode=block', $xssFields)) {
- $msg .= $this->l10n->t('- The `%1$s` HTTP header does not contain `%2$s`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', ['X-XSS-Protection', '1; mode=block'])."\n";
+ $msg .= $this->l10n->t('- The `%1$s` HTTP header does not contain `%2$s`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', ['X-XSS-Protection', '1; mode=block']) . "\n";
}
$referrerPolicy = $response->getHeader('Referrer-Policy');
@@ -89,7 +89,7 @@ class SecurityHeaders implements ISetupCheck {
'strict-origin-when-cross-origin',
'same-origin',
]
- )."\n";
+ ) . "\n";
$msgParameters['w3c-recommendation'] = [
'type' => 'highlight',
'id' => 'w3c-recommendation',
@@ -103,17 +103,17 @@ class SecurityHeaders implements ISetupCheck {
if (preg_match('/^max-age=(\d+)(;.*)?$/', $transportSecurityValidity, $m)) {
$transportSecurityValidity = (int)$m[1];
if ($transportSecurityValidity < $minimumSeconds) {
- $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is not set to at least `%d` seconds (current value: `%d`). For enhanced security, it is recommended to use a long HSTS policy.', [$minimumSeconds, $transportSecurityValidity])."\n";
+ $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is not set to at least `%d` seconds (current value: `%d`). For enhanced security, it is recommended to use a long HSTS policy.', [$minimumSeconds, $transportSecurityValidity]) . "\n";
}
} elseif (!empty($transportSecurityValidity)) {
- $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is malformed: `%s`. For enhanced security, it is recommended to enable HSTS.', [$transportSecurityValidity])."\n";
+ $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is malformed: `%s`. For enhanced security, it is recommended to enable HSTS.', [$transportSecurityValidity]) . "\n";
} else {
- $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is not set (should be at least `%d` seconds). For enhanced security, it is recommended to enable HSTS.', [$minimumSeconds])."\n";
+ $msg .= $this->l10n->t('- The `Strict-Transport-Security` HTTP header is not set (should be at least `%d` seconds). For enhanced security, it is recommended to enable HSTS.', [$minimumSeconds]) . "\n";
}
if (!empty($msg)) {
return SetupResult::warning(
- $this->l10n->t('Some headers are not set correctly on your instance')."\n".$msg,
+ $this->l10n->t('Some headers are not set correctly on your instance') . "\n" . $msg,
$this->urlGenerator->linkToDocs('admin-security'),
$msgParameters,
);
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-31 10:57:03 +0000