adding security headers to call chain

Leantime · Apr 28, 2020 · 00e89cd · 00e89cd
1 parent a62c2d4
commit 00e89cd
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/core/class.application.php b/src/core/class.application.php
@@ -53,6 +53,8 @@ public function start()
  //Override theme settings
  $this->overrideThemeSettings();
 
+ $this->loadHeaders();
+
  ob_start();
 
  if($this->login->logged_in()===false) {
@@ -94,6 +96,12 @@ public function start()
 
  }
 
+ public function loadHeaders() {
+ header('X-Frame-Options: SAMEORIGIN');
+ header('X-XSS-Protection: 1; mode=block');
+ header('X-Content-Type-Options: nosniff');
+ }
+
  public function overrideThemeSettings() {
 
  if(isset($_SESSION["companysettings.logoPath"]) === false) {