fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-02 16:52:16 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add security options to add X-Frame-Options and X-Content-Type-Options headers

Browse source 
- 보안 관련하여 널리 알려진 헤더 3종 가운데 2종을 기본 지원
- X-XSS-Protection 헤더는 IE 지원 종료로 불필요
This commit is contained in:
Kijin Sung 2023-06-18 23:33:41 +09:00
parent e3ce2bcbcc
commit 5ba6346bec
6 changed files with 66 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

41
modules/admin/tpl/config_security.html
View file

@ -45,17 +45,6 @@
<p class="x_help-block">{$lang->about_admin_ip_deny}</p>
</div>
</div>
<div class="x_control-group">
<label class="x_control-label">{$lang->use_samesite}</label>
<div class="x_controls">
<label for="use_samesite_strict" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_strict" value="Strict" checked="checked"|cond="$use_samesite === 'Strict'" /> Strict</label>
<label for="use_samesite_lax" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_lax" value="Lax" checked="checked"|cond="$use_samesite === 'Lax'" /> Lax</label>
<label for="use_samesite_none" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_none" value="None" checked="checked"|cond="$use_samesite === 'None'" disabled="disabled"|cond="!$use_session_ssl || $site_module_info->security !== 'always'" /> None</label>
<label for="use_samesite_empty" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_empty" value="" checked="checked"|cond="!$use_samesite" /> {$lang->use_samesite_empty}</label>
<br />
<p class="x_help-block">{$lang->about_use_samesite}</p>
</div>
</div>
<div class="x_control-group">
<label class="x_control-label">{$lang->use_session_keys}</label>
<div class="x_controls">
@ -101,6 +90,36 @@
<p class="x_help-block">{$lang->about_use_nofollow}</p>
</div>
</div>
<div class="x_control-group">
<label class="x_control-label">{$lang->use_samesite}</label>
<div class="x_controls">
<label for="use_samesite_strict" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_strict" value="Strict" checked="checked"|cond="$use_samesite === 'Strict'" /> Strict</label>
<label for="use_samesite_lax" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_lax" value="Lax" checked="checked"|cond="$use_samesite === 'Lax'" /> Lax</label>
<label for="use_samesite_none" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_none" value="None" checked="checked"|cond="$use_samesite === 'None'" disabled="disabled"|cond="!$use_session_ssl || $site_module_info->security !== 'always'" /> None</label>
<label for="use_samesite_empty" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_empty" value="" checked="checked"|cond="!$use_samesite" /> {$lang->use_samesite_empty}</label>
<br />
<p class="x_help-block">{$lang->about_use_samesite}</p>
</div>
</div>
<div class="x_control-group">
<label class="x_control-label">X-Frame-Options</label>
<div class="x_controls">
<label for="x_frame_options_deny" class="x_inline"><input type="radio" name="x_frame_options" id="x_frame_options_deny" value="DENY" checked="checked"|cond="$x_frame_options === 'DENY'" /> Deny</label>
<label for="x_frame_options_sameorigin" class="x_inline"><input type="radio" name="x_frame_options" id="x_frame_options_sameorigin" value="SAMEORIGIN" checked="checked"|cond="$x_frame_options === 'SAMEORIGIN'" /> SameOrigin</label>
<label for="x_frame_options_empty" class="x_inline"><input type="radio" name="x_frame_options" id="x_frame_options_empty" value="" checked="checked"|cond="!$x_frame_options" /> {$lang->use_samesite_empty}</label>
<br />
<p class="x_help-block">{$lang->about_x_frame_options}</p>
</div>
</div>
<div class="x_control-group">
<label class="x_control-label">X-Content-Type-Options</label>
<div class="x_controls">
<label for="x_content_type_options_nosniff" class="x_inline"><input type="radio" name="x_content_type_options" id="x_content_type_options_nosniff" value="nosniff" checked="checked"|cond="$x_content_type_options === 'nosniff'" /> nosniff</label>
<label for="x_content_type_options_empty" class="x_inline"><input type="radio" name="x_content_type_options" id="x_content_type_options_empty" value="" checked="checked"|cond="!$x_content_type_options" /> {$lang->use_samesite_empty}</label>
<br />
<p class="x_help-block">{$lang->about_x_content_type_options}</p>
</div>
</div>
<div class="x_clearfix btnArea">
<div class="x_pull-right">
<button type="submit" class="x_btn x_btn-primary">{$lang->cmd_save}</button>