mirror of
https://github.com/Lastorder-DC/rhymix.git
synced 2026-01-06 10:11:38 +09:00
- 세션 쿠키, 세션 보안키 등에 SameSite 속성을 적용할 수 있는 기능 추가 (시스템 설정 -> 보안 설정) - 일반적인 사이트는 Lax를 권장함, PG사 연동 오류 등의 경우 None 사용 - None 사용시 크롬 80부터는 SSL 전용 세션으로 지정해야 함 - Rhymix\Framework\Session에서 쿠키 관련 루틴들 정리 - PHP 7.3 이상, 7.2 이하 버전으로 나누어 처리
<config autoescape="on" />
<!--// Admin security settings form. Auto-escaping is switched on above; every textarea body and the placeholder below print stored settings or the client address, so they depend on it. -->
<include target="config_header.html" />
<!--// Result message from the last save, rendered only when the validator id matches this form. -->
<div cond="$XE_VALIDATOR_MESSAGE && $XE_VALIDATOR_ID == 'modules/admin/tpl/config_security/1'" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
	<p>{$XE_VALIDATOR_MESSAGE}</p>
</div>
<section class="section">
	<!--// Posts to module=admin, act=procAdminUpdateSecurity. No CSRF token field is written in this template; NOTE(review): presumably the framework adds one to POST forms, confirm, since this form changes security settings. -->
	<form action="./" method="post" class="x_form-horizontal">
		<input type="hidden" name="module" value="admin" />
		<input type="hidden" name="act" value="procAdminUpdateSecurity" />
		<input type="hidden" name="xe_validator_id" value="modules/admin/tpl/config_security/1" />
		<!--// Media filter lists, one textarea per list. NOTE(review): presumably allow lists for iframe sources, object/embed sources and HTML class names; confirm the entry format and matching rules in the save handler. -->
		<div class="x_control-group">
			<label class="x_control-label" for="mediafilter_iframe">iframe</label>
			<div class="x_controls" style="margin-right:14px">
				<textarea name="mediafilter_iframe" id="mediafilter_iframe" rows="8" style="width:100%;">{$mediafilter_iframe}</textarea>
			</div>
		</div>
		<div class="x_control-group">
			<label class="x_control-label" for="mediafilter_object">object/embed</label>
			<div class="x_controls" style="margin-right:14px">
				<textarea name="mediafilter_object" id="mediafilter_object" rows="8" style="width:100%;">{$mediafilter_object}</textarea>
			</div>
		</div>
		<div class="x_control-group">
			<label class="x_control-label" for="mediafilter_classes">HTML class</label>
			<div class="x_controls" style="margin-right:14px">
				<textarea name="mediafilter_classes" id="mediafilter_classes" rows="4" style="width:100%;">{$mediafilter_classes}</textarea>
			</div>
		</div>
		<!--// List of robot user agent strings. The User-Agent header is set by the client; NOTE(review): confirm nothing grants extra access on the strength of a match. -->
		<div class="x_control-group">
			<label class="x_control-label" for="robot_user_agents">Robot User Agents</label>
			<div class="x_controls" style="margin-right:14px">
				<textarea name="robot_user_agents" id="robot_user_agents" rows="4" style="width:100%;">{$robot_user_agents}</textarea>
			</div>
		</div>
		<!--// Admin IP allow list. The placeholder shows the current client address ($remote_addr) as a hint. NOTE(review): confirm the save handler refuses a list that would exclude the administrator who is saving it. -->
		<div class="x_control-group">
			<label class="x_control-label" for="admin_allowed_ip">{$lang->admin_ip_allow}</label>
			<div class="x_controls">
				<textarea name="admin_allowed_ip" id="admin_allowed_ip" rows="4" cols="42" placeholder="{$remote_addr} ({$lang->local_ip_address})" style="margin-right:10px">{$admin_allowed_ip}</textarea>
				<p class="x_help-block">{$lang->about_admin_ip_allow}</p>
			</div>
		</div>
		<!--// Admin IP deny list. NOTE(review): precedence between the allow and deny lists is not visible here; confirm it in the code that enforces them. -->
		<div class="x_control-group">
			<label class="x_control-label" for="admin_denied_ip">{$lang->admin_ip_deny}</label>
			<div class="x_controls">
				<textarea name="admin_denied_ip" id="admin_denied_ip" rows="4" cols="42" style="margin-right:10px">{$admin_denied_ip}</textarea>
				<p class="x_help-block">{$lang->about_admin_ip_deny}</p>
			</div>
		</div>
		<!--// SameSite attribute choice: Strict, Lax, None, or an empty value (checked when $use_samesite is empty). Browsers accept SameSite=None only on cookies that are also marked Secure (Chrome 80 onward), but nothing in this template ties the None choice to use_session_ssl, whose radios are disabled unless the site security mode is 'always'. NOTE(review): confirm the save handler or the session code covers that combination. -->
		<div class="x_control-group">
			<label class="x_control-label">{$lang->use_samesite}</label>
			<div class="x_controls">
				<label for="use_samesite_strict" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_strict" value="Strict" checked="checked"|cond="$use_samesite === 'Strict'" /> Strict</label>
				<label for="use_samesite_lax" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_lax" value="Lax" checked="checked"|cond="$use_samesite === 'Lax'" /> Lax</label>
				<label for="use_samesite_none" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_none" value="None" checked="checked"|cond="$use_samesite === 'None'" /> None</label>
				<label for="use_samesite_empty" class="x_inline"><input type="radio" name="use_samesite" id="use_samesite_empty" value="" checked="checked"|cond="!$use_samesite" /> {$lang->use_samesite_empty}</label>
				<br />
				<p class="x_help-block">{$lang->about_use_samesite}</p>
			</div>
		</div>
		<!--// Session keys toggle. Yes is checked for any value other than boolean false, so an unset setting displays as enabled. -->
		<div class="x_control-group">
			<label class="x_control-label">{$lang->use_session_keys}</label>
			<div class="x_controls">
				<label for="use_session_keys_y" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_y" value="Y" checked="checked"|cond="$use_session_keys !== false" /> {$lang->cmd_yes}</label>
				<label for="use_session_keys_n" class="x_inline"><input type="radio" name="use_session_keys" id="use_session_keys_n" value="N" checked="checked"|cond="$use_session_keys === false" /> {$lang->cmd_no}</label>
				<br />
				<p class="x_help-block">{$lang->about_use_session_keys}</p>
			</div>
		</div>
		<!--// SSL-only session toggle. Both radios carry disabled unless $site_module_info->security is 'always', and No is shown checked in that case. Browsers do not submit disabled controls, so the request then has no use_session_ssl value at all. NOTE(review): confirm the save handler treats a missing value as off. -->
		<div class="x_control-group">
			<label class="x_control-label">{$lang->use_session_ssl}</label>
			<div class="x_controls">
				<label for="use_session_ssl_y" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_y" value="Y" checked="checked"|cond="$use_session_ssl && $site_module_info->security === 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_yes}</label>
				<label for="use_session_ssl_n" class="x_inline"><input type="radio" name="use_session_ssl" id="use_session_ssl_n" value="N" checked="checked"|cond="!$use_session_ssl || $site_module_info->security !== 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_no}</label>
				<br />
				<p class="x_help-block">{$lang->about_use_session_ssl}</p>
			</div>
		</div>
		<!--// SSL-only cookies toggle. Same gating as use_session_ssl: disabled, and therefore not submitted, unless the site security mode is 'always'. -->
		<div class="x_control-group">
			<label class="x_control-label">{$lang->use_cookies_ssl}</label>
			<div class="x_controls">
				<label for="use_cookies_ssl_y" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_y" value="Y" checked="checked"|cond="$use_cookies_ssl && $site_module_info->security === 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_yes}</label>
				<label for="use_cookies_ssl_n" class="x_inline"><input type="radio" name="use_cookies_ssl" id="use_cookies_ssl_n" value="N" checked="checked"|cond="!$use_cookies_ssl || $site_module_info->security !== 'always'" disabled="disabled"|cond="$site_module_info->security !== 'always'" /> {$lang->cmd_no}</label>
				<br />
				<p class="x_help-block">{$lang->about_use_cookies_ssl}</p>
			</div>
		</div>
		<!--// CSRF token check toggle. No is checked whenever $check_csrf_token is falsy, so an unset setting displays as disabled. NOTE(review): confirm the shipped default enables the check, and that switching it off is logged. -->
		<div class="x_control-group">
			<label class="x_control-label">{$lang->check_csrf_token}</label>
			<div class="x_controls">
				<label for="check_csrf_token_y" class="x_inline"><input type="radio" name="check_csrf_token" id="check_csrf_token_y" value="Y" checked="checked"|cond="$check_csrf_token" /> {$lang->cmd_yes}</label>
				<label for="check_csrf_token_n" class="x_inline"><input type="radio" name="check_csrf_token" id="check_csrf_token_n" value="N" checked="checked"|cond="!$check_csrf_token" /> {$lang->cmd_no}</label>
				<br />
				<p class="x_help-block">{$lang->about_check_csrf_token}</p>
			</div>
		</div>
		<!--// nofollow toggle. NOTE(review): presumably adds rel="nofollow" to links in user content; confirm where it is applied. -->
		<div class="x_control-group">
			<label class="x_control-label">{$lang->use_nofollow}</label>
			<div class="x_controls">
				<label for="use_nofollow_y" class="x_inline"><input type="radio" name="use_nofollow" id="use_nofollow_y" value="Y" checked="checked"|cond="$use_nofollow" /> {$lang->cmd_yes}</label>
				<label for="use_nofollow_n" class="x_inline"><input type="radio" name="use_nofollow" id="use_nofollow_n" value="N" checked="checked"|cond="!$use_nofollow" /> {$lang->cmd_no}</label>
				<br />
				<p class="x_help-block">{$lang->about_use_nofollow}</p>
			</div>
		</div>
		<div class="x_clearfix btnArea">
			<div class="x_pull-right">
				<button type="submit" class="x_btn x_btn-primary">{$lang->cmd_save}</button>
			</div>
		</div>
	</form>
</section>