git.ipfire.org Git - ipfire-2.x.git/commit
prevent loading resources from external sites
author Peter Müller <peter.mueller@link38.eu>
Sun, 3 Dec 2017 19:34:02 +0000 (20:34 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Sat, 16 Dec 2017 12:18:39 +0000 (12:18 +0000)
commit eb6d71514a27e4af5953bd07c34f3ee82c2ef463
tree 1472495c339a0eec562476eac6512f5e6fb6dc43
parent 7ddfc686e232ed7e7bdbcd3b954fdebf0f8d7896
prevent loading resources from external sites

Make Apache transmit a CSP (Content Security Policy) header
for WebUI and Captive Portal contents.

This prevents some XSS and content injection attacks, especially
in case no transport encryption (Captive Portal!) can be used.

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/httpd/vhosts.d/captive.conf
config/httpd/vhosts.d/ipfire-interface-ssl.conf
config/httpd/vhosts.d/ipfire-interface.conf
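
A check a defender could run against the header this commit describes, as an added example that is not part of the commit or of IPFire's code: it parses a Content-Security-Policy value and reports which fetch directives still permit loads from other sites. The policy strings are constructed samples, not the value the commit configures, and the directive list is a subset chosen for illustration.

```python
# Fetch directives that fall back directly to default-src when absent (subset).
FETCH_DIRECTIVES = ("script-src", "style-src", "img-src", "font-src",
                    "connect-src", "media-src", "object-src")
# Schemes that carry inline or in-page content rather than naming another site.
LOCAL_SCHEMES = {"data:", "blob:"}


def parse_csp(header_value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def external_sources(header_value):
    """Map each fetch directive to the sources that allow off-site loads."""
    policy = parse_csp(header_value)
    findings = {}
    for directive in FETCH_DIRECTIVES:
        if directive in policy:
            sources = policy[directive]
        elif "default-src" in policy:
            sources = policy["default-src"]
        else:
            # Neither the directive nor default-src is set: nothing is restricted.
            sources = ["*"]
        # Quoted tokens ('self', 'none', nonces, hashes) do not name a site;
        # unquoted tokens are host or scheme sources such as *, https: or a domain.
        risky = [s for s in sources
                 if not s.startswith("'") and s.lower() not in LOCAL_SCHEMES]
        if risky:
            findings[directive] = risky
    return findings


if __name__ == "__main__":
    # Constructed sample policies, not the value the commit configures.
    samples = [
        "default-src 'self'",
        "default-src 'self' 'unsafe-inline'; img-src 'self' data: https://cdn.example",
        "script-src 'self'",
    ]
    for value in samples:
        print(value, "->", external_sources(value) or "no external sources")
```

The third sample shows the common gap: a policy that sets only `script-src` and no `default-src` leaves every other fetch directive unrestricted.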