summaryrefslogtreecommitdiffstats
path: root/lib/base.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/base.php')
-rw-r--r--lib/base.php32
1 files changed, 2 insertions, 30 deletions
diff --git a/lib/base.php b/lib/base.php
index d011a2e9e28..aa5a9d0010a 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -175,7 +175,7 @@ class OC {
OC::$SERVERROOT . '/lib/private' . PATH_SEPARATOR .
OC::$SERVERROOT . '/config' . PATH_SEPARATOR .
OC::$THIRDPARTYROOT . '/3rdparty' . PATH_SEPARATOR .
- implode($paths, PATH_SEPARATOR) . PATH_SEPARATOR .
+ implode(PATH_SEPARATOR, $paths) . PATH_SEPARATOR .
get_include_path() . PATH_SEPARATOR .
OC::$SERVERROOT
);
@@ -212,34 +212,6 @@ class OC {
}
}
- /*
- * This function adds some security related headers to all requests served via base.php
- * The implementation of this function has to happen here to ensure that all third-party
- * components (e.g. SabreDAV) also benefit from this headers.
- */
- public static function addSecurityHeaders() {
- header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
- header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
-
- // iFrame Restriction Policy
- $xFramePolicy = OC_Config::getValue('xframe_restriction', true);
- if($xFramePolicy) {
- header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
- }
-
- // Content Security Policy
- // If you change the standard policy, please also change it in config.sample.php
- $policy = OC_Config::getValue('custom_csp_policy',
- 'default-src \'self\'; '
- .'script-src \'self\' \'unsafe-eval\'; '
- .'style-src \'self\' \'unsafe-inline\'; '
- .'frame-src *; '
- .'img-src *; '
- .'font-src \'self\' data:; '
- .'media-src *');
- header('Content-Security-Policy:'.$policy);
- }
-
public static function checkSSL() {
// redirect to https site if configured
if (OC_Config::getValue("forcessl", false)) {
@@ -554,7 +526,7 @@ class OC {
self::checkConfig();
self::checkInstalled();
self::checkSSL();
- self::addSecurityHeaders();
+ OC_Response::addSecurityHeaders();
$errors = OC_Util::checkServer();
if (count($errors) > 0) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-03 21:58:38 +0000