Update dependencies, and set a more locked-down content security policy

Timothy Warren 2017-04-13 15:08:28 -04:00
parent ac13d57634
commit 921d594931
2 changed files with 9 additions and 2 deletions


@ -21,7 +21,7 @@
"aura/router": "^3.0", "aura/router": "^3.0",
"aura/session": "^2.0", "aura/session": "^2.0",
"aviat/banker": "^1.0.0", "aviat/banker": "^1.0.0",
"aviat/ion": "^2.0.0", "aviat/ion": "^2.1.0",
"monolog/monolog": "^1.0", "monolog/monolog": "^1.0",
"psr/http-message": "~1.0", "psr/http-message": "~1.0",
"psr/log": "~1.0", "psr/log": "~1.0",
@ -37,7 +37,7 @@
"phploc/phploc": "^3.0", "phploc/phploc": "^3.0",
"phpmd/phpmd": "^2.4", "phpmd/phpmd": "^2.4",
"phpunit/phpunit": "^6.0", "phpunit/phpunit": "^6.0",
"robmorgan/phinx": "~0.6.4", "robmorgan/phinx": "^0.8.0",
"consolidation/robo": "~1.0", "consolidation/robo": "~1.0",
"henrikbjorn/lurker": "^1.1.0", "henrikbjorn/lurker": "^1.1.0",
"symfony/var-dumper": "^3.2", "symfony/var-dumper": "^3.2",


@ -239,6 +239,13 @@ class Controller {
*/ */
protected function renderFullPage($view, string $template, array $data) protected function renderFullPage($view, string $template, array $data)
{ {
$csp = [
"default-src 'self'",
"object-src 'none'",
"child-src 'none'",
];
$view->addHeader('Content-Security-Policy', implode('; ', $csp));
$view->appendOutput($this->loadPartial($view, 'header', $data)); $view->appendOutput($this->loadPartial($view, 'header', $data));
if (array_key_exists('message', $data) && is_array($data['message'])) if (array_key_exists('message', $data) && is_array($data['message']))
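Review bot: The policy assembled in `$csp` leaves out the directives that do not fall back to `default-src`, namely `frame-ancestors`, `base-uri` and `form-action`, so framing of the page by other origins, an injected `<base>` element and form submissions to other origins stay unrestricted. Adding `"frame-ancestors 'none'"`, `"base-uri 'self'"` and `"form-action 'self'"` to the array would close those gaps, provided the application does not rely on being framed or on posting forms cross-origin. The header is also set only inside renderFullPage, so responses produced through any other rendering path would presumably carry no policy; setting it where every response is finalized would cover them. The function body continues past the end of this hunk, so whether later code adds further headers cannot be seen here.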