Merge pull request #226 from Leantime/2.1-bump

adding security headers to call chain
Leantime · Apr 29, 2020 · 080774f · 080774f
2 parents b7cbfbe + 00e89cd
commit 080774f
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/src/core/class.application.php b/src/core/class.application.php
@@ -53,6 +53,8 @@ public function start()
  //Override theme settings
  $this->overrideThemeSettings();
 
+ $this->loadHeaders();
+
  ob_start();
 
  if($this->login->logged_in()===false) {
@@ -94,6 +96,12 @@ public function start()
 
  }
 
+ public function loadHeaders() {
+ header('X-Frame-Options: SAMEORIGIN');
+ header('X-XSS-Protection: 1; mode=block');
+ header('X-Content-Type-Options: nosniff');
+ }
+
  public function overrideThemeSettings() {
 
  if(isset($_SESSION["companysettings.logoPath"]) === false) {