|
|
|
@ -110,7 +110,7 @@ Http::Response AbstractWebApplication::processRequest(const Http::Request &reque |
|
|
|
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN"); |
|
|
|
header(Http::HEADER_X_FRAME_OPTIONS, "SAMEORIGIN"); |
|
|
|
header(Http::HEADER_X_XSS_PROTECTION, "1; mode=block"); |
|
|
|
header(Http::HEADER_X_XSS_PROTECTION, "1; mode=block"); |
|
|
|
header(Http::HEADER_X_CONTENT_TYPE_OPTIONS, "nosniff"); |
|
|
|
header(Http::HEADER_X_CONTENT_TYPE_OPTIONS, "nosniff"); |
|
|
|
header(Http::HEADER_CONTENT_SECURITY_POLICY, "default-src 'self' 'unsafe-inline' 'unsafe-eval';"); |
|
|
|
header(Http::HEADER_CONTENT_SECURITY_POLICY, "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; object-src 'none';"); |
|
|
|
|
|
|
|
|
|
|
|
sessionInitialize(); |
|
|
|
sessionInitialize(); |
|
|
|
if (!sessionActive() && !isAuthNeeded()) |
|
|
|
if (!sessionActive() && !isAuthNeeded()) |
|
|
|
|
Mike Tzou
7 years ago
committed by