mirror of https://github.com/itflow-org/itflow
Adjust content security policy
This commit is contained in:
Marcus Hill
parent
95cd0ebdc8
commit
a966bf0282
|
|
@ -1,6 +1,5 @@
|
|||
<?php
|
||||
|
||||
header("X-Frame-Options: DENY");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
if (!file_exists('config.php')) {
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
* Docs for PTC / technical contacts
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
require_once("inc_portal.php");
|
||||
|
||||
|
|
@ -57,7 +57,7 @@ $document_content = $purifier->purify($row['document_content']);
|
|||
</div>
|
||||
|
||||
<br>
|
||||
|
||||
|
||||
<div class="card">
|
||||
<div class="card-body">
|
||||
<h3><?php echo $document_name; ?></h3>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
* Docs for PTC / technical contacts
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
require_once("inc_portal.php");
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
* Landing / Home page for the client portal
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
require_once("inc_portal.php");
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
* Invoices for PTC
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
require_once("inc_portal.php");
|
||||
|
||||
|
|
|
|||
|
|
@ -4,9 +4,7 @@
|
|||
* Landing / Home page for the client portal
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
|
||||
|
||||
header("X-Frame-Options: DENY");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
$session_company_id = 1;
|
||||
require_once('../config.php');
|
||||
|
|
@ -162,19 +160,15 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
|
|||
|
||||
<!-- jQuery -->
|
||||
<script src="../plugins/jquery/jquery.min.js"></script>
|
||||
|
||||
<!-- Bootstrap 4 -->
|
||||
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
|
||||
|
||||
<!-- AdminLTE App -->
|
||||
<script src="../dist/js/adminlte.min.js"></script>
|
||||
|
||||
<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
|
||||
|
||||
<!-- Prevents resubmit on refresh or back -->
|
||||
<script>
|
||||
if (window.history.replaceState) {
|
||||
window.history.replaceState(null,null,window.location.href);
|
||||
}
|
||||
</script>
|
||||
<script src="../js/login_prevent_resubmit.js"></script>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@
|
|||
* Password reset page
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
$session_company_id = 1;
|
||||
require_once('../config.php');
|
||||
require_once('../functions.php');
|
||||
|
|
@ -274,19 +276,15 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
|
|||
|
||||
<!-- jQuery -->
|
||||
<script src="../plugins/jquery/jquery.min.js"></script>
|
||||
|
||||
<!-- Bootstrap 4 -->
|
||||
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
|
||||
|
||||
<!-- AdminLTE App -->
|
||||
<script src="../dist/js/adminlte.min.js"></script>
|
||||
|
||||
<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
|
||||
|
||||
<!-- Prevents resubmit on refresh or back -->
|
||||
<script>
|
||||
if (window.history.replaceState) {
|
||||
window.history.replaceState(null,null,window.location.href);
|
||||
}
|
||||
</script>
|
||||
<script src="../js/login_prevent_resubmit.js"></script>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
* User profile
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
require_once('inc_portal.php');
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
* Quotes for PTC / billing contacts
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
require_once("inc_portal.php");
|
||||
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
* Landing / Home page for the client portal
|
||||
*/
|
||||
|
||||
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com");
|
||||
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
|
||||
|
||||
require_once("inc_portal.php");
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue