Merge pull request #1128 from itflow-org/font-tidy

Stop using Source Sans Pro intermittently for some pages

login.php

@@ -1,7 +1,7 @@
 <?php
 
 // Enforce a Content Security Policy for security against cross-site scripting
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 if (!file_exists('config.php')) {
     header("Location: setup.php");
@@ -316,8 +316,7 @@ if (isset($_POST['login'])) {
 
     <!-- Theme style -->
     <link rel="stylesheet" href="dist/css/adminlte.min.css">
-    <!-- Google Font: Source Sans Pro -->
-    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
+
 </head>
 <body class="hold-transition login-page">
 

portal/certificates.php

@@ -4,7 +4,7 @@
 * Certificate listing for PTC / technical contacts
 */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/contact_add.php

@@ -4,7 +4,7 @@
  * Contact management for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/contact_edit.php

@@ -4,7 +4,7 @@
  * Contact management for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/contacts.php

@@ -4,7 +4,7 @@
 * Contact management for PTC / technical contacts
 */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/document.php

@@ -4,7 +4,7 @@
  * Docs for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' data:");
+header("Content-Security-Policy: default-src 'self'; img-src 'self' data:");
 
 require_once "inc_portal.php";
 

portal/documents.php

@@ -4,7 +4,7 @@
  * Docs for PTC / technical contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/domains.php

@@ -4,7 +4,7 @@
 * Domain listing for PTC / technical contacts
 */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/index.php

@@ -4,7 +4,7 @@
  * Landing / Home page for the client portal
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/invoices.php

@@ -4,7 +4,7 @@
  * Invoices for PTC
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/login.php

@@ -4,7 +4,7 @@
  * Landing / Home page for the client portal
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once '../config.php';
 
@@ -50,13 +50,13 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
     $password = $_POST['password'];
 
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-        
+
         header("HTTP/1.1 401 Unauthorized");
-        
+
         $_SESSION['login_message'] = 'Invalid e-mail';
-    
+
     } else {
-        
+
         $sql = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN contacts ON user_id = contact_user_id WHERE user_email = '$email' AND user_archived_at IS NULL AND user_type = 2 AND user_status = 1 LIMIT 1");
         $row = mysqli_fetch_array($sql);
         $client_id = intval($row['contact_client_id']);
@@ -82,7 +82,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
                 logAction("Client Login", "Success", "Client contact $user_email successfully logged in locally", $client_id, $user_id);
 
             } else {
-                
+
                 // Logging
                 logAction("Client Login", "Failed", "Failed client portal login attempt using $email (incorrect password for contact ID $contact_id)", $client_id, $user_id);
 
@@ -92,14 +92,14 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
             }
 
         } else {
-            
+
             // Logging
             logAction("Client Login", "Failed", "Failed client portal login attempt using $email (invalid email/not allowed local auth)");
-            
+
             header("HTTP/1.1 401 Unauthorized");
-            
+
             $_SESSION['login_message'] = 'Incorrect username or password.';
-        
+
         }
     }
 }
@@ -127,8 +127,6 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
         <!-- Theme style -->
         <link rel="stylesheet" href="../dist/css/adminlte.min.css">
 
-        <!-- Google Font: Source Sans Pro -->
-        <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
     </head>
 
     <body class="hold-transition login-page">

portal/login_reset.php

@@ -4,7 +4,7 @@
  * Password reset page
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once '../config.php';
 require_once '../functions.php';
@@ -195,8 +195,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
     <!-- Theme style -->
     <link rel="stylesheet" href="../dist/css/adminlte.min.css">
 
-    <!-- Google Font: Source Sans Pro -->
-    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
 </head>
 
 <body class="hold-transition login-page">

portal/portal_header.php

@@ -29,8 +29,6 @@ header("X-Frame-Options: DENY"); // Legacy
     <!-- Theme style -->
     <link rel="stylesheet" href="../dist/css/adminlte.min.css">
 
-    <!-- Google Font: Source Sans Pro -->
-    <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
 </head>
 
 <!-- Navbar -->

portal/profile.php

@@ -4,7 +4,7 @@
  * User profile
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once 'inc_portal.php';
 

portal/quotes.php

@@ -4,7 +4,7 @@
  * Quotes for PTC / billing contacts
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";
 

portal/tickets.php

@@ -4,7 +4,7 @@
  * Landing / Home page for the client portal
  */
 
-header("Content-Security-Policy: default-src 'self' fonts.googleapis.com fonts.gstatic.com");
+header("Content-Security-Policy: default-src 'self'");
 
 require_once "inc_portal.php";