Commit fff86020 authored by Thomas Bella's avatar Thomas Bella

Add Content-Type and CSP headers

Additionally force UTF-8 and allow only specific domains within CSP
parent 6ddb325d
Pipeline #304 passed with stage
in 23 seconds
<?php
session_start();
header('Content-Type: text/html; Charset=UTF-8');
header('Content-Security-Policy: default-src \'self\' \'unsafe-inline\' ururl.tk maxcdn.bootstrapcdn.com code.jquery.com;');
// logout
if( isset($_GET["logout"]) && !empty($_SESSION["active"]) ){
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment