Jingga/phpOMS
1
0
Fork 0
mirror of https://github.com/Karaka-Management/phpOMS.git synced 2026-02-11 22:38:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixes #50

Browse Source 
Security headers are now locked after set once.
This commit is contained in:
Dennis Eichhorn 2016-07-15 17:30:27 +02:00
parent 36726bc850
commit 2b63386f9f
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Message/Http/Header.php
View File

@ -123,9 +123,18 @@ class Header extends HeaderAbstract
throw new \Exception('Already locked'); throw new \Exception('Already locked');
} }
$key = strtolower($key);
if (!$overwrite && isset($this->header[$key])) { if (!$overwrite && isset($this->header[$key])) {
return false; return false;
} elseif ($overwrite) { } elseif ($overwrite && isset($this->header[$key])) {
if($key === 'content-security-policy' ||
$key === 'x-xss-protection' ||
$key === 'x-content-type-options' ||
$key === 'x-frame-options') {
throw new \Exception('Cannot change security headers.');
}
unset($this->header[$key]); unset($this->header[$key]);
} }