CSP - Client Portal Test

Add initial content security policy trial/test to some client portal pages

portal/index.php

@@ -4,6 +4,8 @@
  * Landing / Home page for the client portal
  */
 
+header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
+
 require_once("inc_portal.php");
 
 ?>

portal/invoices.php

@@ -4,6 +4,8 @@
  * Invoices for PTC
  */
 
+header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
+
 require_once("inc_portal.php");
 
 if ($session_contact_id !== $session_client_primary_contact_id && !$session_contact_is_billing_contact) {

portal/login.php

@@ -4,6 +4,8 @@
  * Landing / Home page for the client portal
  */
 
+header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
+
 header("X-Frame-Options: DENY");
 
 $session_company_id = 1;

portal/portal_header.php

@@ -4,7 +4,7 @@
  * HTML Header
  */
 
-header("X-Frame-Options: DENY");
+header("X-Frame-Options: DENY"); // Legacy
 ?>
 
 <!DOCTYPE html>
@@ -12,7 +12,7 @@ header("X-Frame-Options: DENY");
 <head>
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <title><?php echo htmlentities($company_name); ?> | Client Portal - Tickets</title>
+    <title><?php echo htmlentities($company_name); ?> | Client Portal</title>
 
     <!-- Tell the browser to be responsive to screen width -->
     <meta name="viewport" content="width=device-width, initial-scale=1">

portal/profile.php

@@ -4,6 +4,8 @@
  * User profile
  */
 
+header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
+
 require_once('inc_portal.php');
 ?>
 

portal/tickets.php

@@ -4,6 +4,8 @@
  * Landing / Home page for the client portal
  */
 
+header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
+
 require_once("inc_portal.php");
 
 // Ticket status from GET