Adjust content security policy

Marcus Hill
2023-06-17 16:13:02 +01:00
parent 95cd0ebdc8
commit a966bf0282
11 changed files with 17 additions and 26 deletions


@@ -1,6 +1,5 @@
<?php <?php
header("X-Frame-Options: DENY");
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
if (!file_exists('config.php')) { if (!file_exists('config.php')) {
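Review bot: The `header("X-Frame-Options: DENY");` line appears to be dropped here (it is printed once and the hunk shrinks from 6 to 5 lines), which leaves the page with no framing restriction. The remaining policy is only `default-src 'self' fonts.googleapis.com fonts.gstatic.com`, and `frame-ancestors` does not fall back to `default-src`. The portal login section (the `@@ -4,9 +4,7 @@` hunk) looks like the same removal, and the password reset section adds this policy with no framing directive visible in its hunk. I would append `; frame-ancestors 'none'` to the header in these files, or keep the X-Frame-Options line alongside it. `base-uri` and `form-action` do not inherit from `default-src` either, so `; base-uri 'self'; form-action 'self'` is worth adding on the login and reset pages if their forms post back to the same origin.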


@@ -4,7 +4,7 @@
* Docs for PTC / technical contacts * Docs for PTC / technical contacts
*/ */
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php"); require_once("inc_portal.php");
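Review bot: The header string `Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com` is pasted into this file and into every other portal section on the page, which is how the old copies drifted apart: the first file already listed fonts.gstatic.com while these still allowed `https:`. Each of these pages goes on to `require_once("inc_portal.php")`, so sending the header once from a shared include or a small helper would keep the policy in one place. Whether inc_portal.php can send headers before any output is not visible here. If the per-file header stays, a comment such as `// CSP: same-origin only, plus Google Fonts stylesheet and font hosts` above it would record why the two external hosts are allowed.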


@@ -4,7 +4,7 @@
* Docs for PTC / technical contacts * Docs for PTC / technical contacts
*/ */
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php"); require_once("inc_portal.php");


@@ -4,7 +4,7 @@
* Landing / Home page for the client portal * Landing / Home page for the client portal
*/ */
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php"); require_once("inc_portal.php");


@@ -4,7 +4,7 @@
* Invoices for PTC * Invoices for PTC
*/ */
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php"); require_once("inc_portal.php");


@@ -4,9 +4,7 @@
* Landing / Home page for the client portal * Landing / Home page for the client portal
*/ */
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
header("X-Frame-Options: DENY");
$session_company_id = 1; $session_company_id = 1;
require_once('../config.php'); require_once('../config.php');
@@ -162,19 +160,15 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
<!-- jQuery --> <!-- jQuery -->
<script src="../plugins/jquery/jquery.min.js"></script> <script src="../plugins/jquery/jquery.min.js"></script>
<!-- Bootstrap 4 --> <!-- Bootstrap 4 -->
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script> <script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- AdminLTE App --> <!-- AdminLTE App -->
<script src="../dist/js/adminlte.min.js"></script> <script src="../dist/js/adminlte.min.js"></script>
<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
<!-- Prevents resubmit on refresh or back --> <!-- Prevents resubmit on refresh or back -->
<script> <script src="../js/login_prevent_resubmit.js"></script>
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>
</body> </body>
</html> </html>


@@ -4,6 +4,8 @@
* Password reset page * Password reset page
*/ */
header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
$session_company_id = 1; $session_company_id = 1;
require_once('../config.php'); require_once('../config.php');
require_once('../functions.php'); require_once('../functions.php');
@@ -274,19 +276,15 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<!-- jQuery --> <!-- jQuery -->
<script src="../plugins/jquery/jquery.min.js"></script> <script src="../plugins/jquery/jquery.min.js"></script>
<!-- Bootstrap 4 --> <!-- Bootstrap 4 -->
<script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script> <script src="../plugins/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- AdminLTE App --> <!-- AdminLTE App -->
<script src="../dist/js/adminlte.min.js"></script> <script src="../dist/js/adminlte.min.js"></script>
<script src="../plugins/Show-Hide-Passwords-Bootstrap-4/bootstrap-show-password.min.js"></script>
<!-- Prevents resubmit on refresh or back --> <!-- Prevents resubmit on refresh or back -->
<script> <script src="../js/login_prevent_resubmit.js"></script>
if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href);
}
</script>
</body> </body>
</html> </html>


@@ -4,7 +4,7 @@
* User profile * User profile
*/ */
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once('inc_portal.php'); require_once('inc_portal.php');
?> ?>


@@ -4,7 +4,7 @@
* Quotes for PTC / billing contacts * Quotes for PTC / billing contacts
*/ */
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php"); require_once("inc_portal.php");


@@ -4,7 +4,7 @@
* Landing / Home page for the client portal * Landing / Home page for the client portal
*/ */
header("Content-Security-Policy: default-src 'self' https: fonts.googleapis.com"); header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
require_once("inc_portal.php"); require_once("inc_portal.php");