1
0
Fork 0

[SITE] new CSP without 'unsafe-inline'

This commit is contained in:
Jannik Beyerstedt 2016-10-15 20:10:34 +02:00
parent 404e6f8d79
commit 30e00e09ad
3 changed files with 5 additions and 5 deletions

View file

@ -1,5 +1,5 @@
<?php <?php
header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://*.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/"); header("Content-Security-Policy: default-src 'self'; style-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.youtube-nocookie.com; script-src 'self' 'nonce-nRfqpuKWNuYyUAFPTr6WVNZk9' https://jannikb.aquila.uberspace.de/piwik/; img-src 'self' https://jannikb.aquila.uberspace.de/piwik/");
//header("X-Content-Type-Options: nosniff"); // enabled at server-side //header("X-Content-Type-Options: nosniff"); // enabled at server-side
//header("X-Frame-Options: deny"); // enabled at server-side //header("X-Frame-Options: deny"); // enabled at server-side
//header("X-Xss-Protection: 1; mode=block"); // enabled at server-side //header("X-Xss-Protection: 1; mode=block"); // enabled at server-side

View file

@ -1,5 +1,5 @@
<!-- Piwik --> <!-- Piwik -->
<script type="text/javascript"> <script type="text/javascript" nonce="nRfqpuKWNuYyUAFPTr6WVNZk9">
var _paq = _paq || []; var _paq = _paq || [];
_paq.push(['trackPageView']); _paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']); _paq.push(['enableLinkTracking']);

View file

@ -40,7 +40,7 @@ echo js('assets/vendors/bootstrap/js/dist/carousel.js');
?> ?>
<?php if (c::get('plg_masonry.enable') && $plg_masonry==true) : $width = c::get('plg_masonry.width');?> <?php if (c::get('plg_masonry.enable') && $plg_masonry==true) : $width = c::get('plg_masonry.width');?>
<style> <style nonce="nRfqpuKWNuYyUAFPTr6WVNZk9">
#masonry {margin: 0 auto;} #masonry {margin: 0 auto;}
.masonryitem { width: <?php echo $width ?>px; margin-bottom: 10px;} .masonryitem { width: <?php echo $width ?>px; margin-bottom: 10px;}
.masonryitem.w2 { width: 40%; } .masonryitem.w2 { width: 40%; }
@ -48,7 +48,7 @@ echo js('assets/vendors/bootstrap/js/dist/carousel.js');
<?php echo js('assets/vendors/masonry/dist/masonry.pkgd.min.js');?> <?php echo js('assets/vendors/masonry/dist/masonry.pkgd.min.js');?>
<script type="text/javascript"> <script type="text/javascript" nonce="nRfqpuKWNuYyUAFPTr6WVNZk9">
$('#masonry').masonry({ $('#masonry').masonry({
isFitWidth: true, isFitWidth: true,
columnWidth: <?php echo c::get('plg_masonry.width') ?>, columnWidth: <?php echo c::get('plg_masonry.width') ?>,
@ -60,7 +60,7 @@ echo js('assets/vendors/bootstrap/js/dist/carousel.js');
<?php echo js('assets/vendors/swipebox/src/js/jquery.swipebox.min.js');?> <?php echo js('assets/vendors/swipebox/src/js/jquery.swipebox.min.js');?>
<?php echo css('assets/vendors/swipebox/src/css/swipebox.css') ?> <?php echo css('assets/vendors/swipebox/src/css/swipebox.css') ?>
<script type="text/javascript"> <script type="text/javascript" nonce="nRfqpuKWNuYyUAFPTr6WVNZk9">
$(document).ready(function () { $(document).ready(function () {
$('.swipebox' ).swipebox(); $('.swipebox' ).swipebox();
}); });