Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Remove deprecated header

Browse Source
This commit is contained in:
Laurent Destailleur
2018-04-30 15:31:05 +02:00
parent 32ace6a8cf
commit 56be581a98
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/main.inc.php
View File

@@ -1084,7 +1084,7 @@ function top_httphead($contenttype='text/html', $forcenocache=0)
// Security options // Security options
header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on) header("X-Content-Type-Options: nosniff"); // With the nosniff option, if the server says the content is text/html, the browser will render it as text/html (note that most browsers now force this option to on)
header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks) header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
header("X-XSS-Protection: 1"); // Enable XSS protection of some browsers (note: use of Content-Security-Policy is more efficient) //header("X-XSS-Protection: 1"); // XSS protection of some browsers (note: use of Content-Security-Policy is more efficient). Disabled as deprecated.
if (! defined('FORCECSP')) if (! defined('FORCECSP'))
{ {
//if (! isset($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY)) //if (! isset($conf->global->MAIN_HTTP_CONTENT_SECURITY_POLICY))