fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-04 01:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity

Add admin setting to control the httpOnly attribute

Browse source
This commit is contained in:
Kijin Sung 2023-07-22 20:17:23 +09:00
parent 56b37b7cbc
commit a2932ee8c8
6 changed files with 36 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/admin/lang/en.php
View file

@ -165,9 +165,11 @@ $lang->mediafilter_classes = 'Allow HTML class';
$lang->about_mediafilter_classes = 'This list defines the list of class attributes that users are allowed to use in HTML content.<br />Allowing classes that conflict with your site\'s design or functionality may cause breakage or confusing results.<br />This restriction does not apply to the administrator.';
$lang->robot_user_agents = 'Robot user-agent';
$lang->about_robot_user_agents = 'This list defines the list of browser user-agent strings that will be treated as robots, in addition to the usual search engines.<br />This may help prevent excessive server load and traffic due to malicious bots.';
$lang->use_httponly = 'HttpOnly attribute';
$lang->about_use_httponly = 'Reduce the risk of XSS attacks by blocking JavaScript access to session cookies.';
$lang->use_samesite = 'SameSite attribute';
$lang->use_samesite_empty = 'Do not use';
$lang->about_use_samesite = 'Set the SameSite attribute for session cookies and session keys.<br>Lax is the recommended setting for most sites. You may need to use None if you are having difficulties integrating with external services such as payment gateways.<br>However, None is only valid when used with SSL-only sessions.';
$lang->about_use_samesite = 'Set the SameSite attribute for session cookies.<br>Lax is the recommended setting for most sites. You may need to use None if you are having difficulties integrating with external services such as payment gateways.<br>However, None is only valid when used with SSL-only sessions.';
$lang->about_x_frame_options = 'Block loading this site in an iframe from another site. This helps prevent clickjacking attacks.<br />SameOrigin is recommended for most sites. Deny will make iframes stop working even on this site.<br />Do not use this setting if you have already enabled the X-Frame-Options header in your server configuration.';
$lang->about_x_content_type_options = 'Prevent browser sniffing of MIME types of documents and attached files.<br />Do not use this setting if you have already enabled the X-Content-Type-Options header in your server configuration.';
$lang->use_session_ssl = 'Use SSL-only session';