From 9d1ce53cb1e4f3f8d04de2e442e2928f3e7bab7c Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Thu, 26 Mar 2015 15:30:00 +0100
Subject: Add some generic default headers as well via PHP
---
 lib/private/response.php | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'lib')
diff --git a/lib/private/response.php b/lib/private/response.php
index e0d48c7476b..ba458cb6afd 100644
--- a/lib/private/response.php
+++ b/lib/private/response.php
@@ -229,6 +229,15 @@ class OC_Response {
 . 'media-src *; '
 . 'connect-src *';
 header('Content-Security-Policy:' . $policy);
+
+ // Send fallback headers for installations that don't have the possibility to send
+ // custom headers on the webserver side
+ if(getenv('modHeadersAvailable') !== 'true') {
+ header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
+ header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
+ header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
+ header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
+ }
 }
 }
-- 
cgit v1.2.3
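Review bot: The `getenv('modHeadersAvailable') !== 'true'` guard in the added block depends on a variable whose setter is not in this hunk, and the comment above it does not say where the variable comes from or what an absent value means. As written the check fails safe (anything other than the exact string `'true'` sends the headers), which is the right direction, but if the web server also sets these headers and the variable does not reach PHP, each header would be emitted twice; that is worth verifying on the supported server setups. The fallback also only covers responses that run through this method, so files the web server serves directly without PHP get none of these headers. I would extend the comment along the lines of `// modHeadersAvailable is expected to be set by the web server config when it already sends these headers; responses served without PHP are not covered by this fallback`. The enclosing method starts outside the hunk.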