Adding some HTTP headers for security (Bug 1531987)
X-XSS-Protection: Tells the browser not to disable XSS protection
X-Content-Type-Options: Tells the browser not to try to guess at
mimetypes of downloads
X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust
alternate crossdomain.xml files (which set the permissions on whether
this site allows itself to be accessed by scripts in Flash & PDF).
Prevents an attacker from uploading a more permissive crossdomain.xml
X-Powered-By: PHP by default sends this header with the current full
PHP version.
Reviewed: https://reviews.mahara.org/6009
Committed: https://git.mahara.org/mahara/mahara/commit/29656f034ff0eefa19fb6a0c24f006ff3ef9e1f0
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 29656f034ff0eefa19fb6a0c24f006ff3ef9e1f0
Author: Aaron Wells <email address hidden>
Date: Thu Feb 4 16:33:11 2016 +1300
Adding some HTTP headers for security (Bug 1531987)
X-XSS-Protection: Tells the browser not to disable XSS protection
X-Content-Type-Options: Tells the browser not to try to guess at
mimetypes of downloads
X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust
alternate crossdomain.xml files (which set the permissions on whether
this site allows itself to be accessed by scripts in Flash & PDF).
Prevents an attacker from uploading a more permissive crossdomain.xml
X-Powered-By: PHP by default sends this header with the current full
PHP version.
behatnotneeded: Selenium can't examine HTTP response headers
Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357
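
Because the commit notes that Selenium cannot examine response headers, a header audit outside the browser is one way to regression-test this change. The following is an added example, not code from the Mahara commit; the accepted header values, the function names and the sample responses are assumptions, since the commit message names the headers but not their values.

```python
import re
from email.parser import Parser

# Accepted values are assumptions: the commit message names the headers
# but does not give the exact values the site sends.
EXPECTED = {
    "x-xss-protection": lambda v: v.split(";")[0].strip() == "1",
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-permitted-cross-domain-policies":
        lambda v: v.strip().lower() in ("none", "master-only"),
}
VERSION_RE = re.compile(r"\d+\.\d+")  # e.g. the "5.5.9" in "PHP/5.5.9"

def parse_headers(raw_response):
    """Map lower-cased header names to the list of values sent."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    header_block = head.partition("\n")[2]  # drop the status line
    headers = {}
    for name, value in Parser().parsestr(header_block, headersonly=True).items():
        headers.setdefault(name.lower(), []).append(value)
    return headers

def audit(raw_response):
    """Return findings for the four headers named in the commit message."""
    headers = parse_headers(raw_response)
    findings = []
    for name, is_ok in EXPECTED.items():
        values = headers.get(name)
        if not values:
            findings.append(f"{name}: missing")
        elif len(values) > 1:
            findings.append(f"{name}: sent {len(values)} times")
        elif not is_ok(values[0]):
            findings.append(f"{name}: unexpected value {values[0]!r}")
    for value in headers.get("x-powered-by", []):
        if VERSION_RE.search(value):
            findings.append(f"x-powered-by: discloses version {value!r}")
    return findings

# Constructed sample responses, not captured from a real site.
BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "X-Powered-By: PHP/5.5.9\r\n\r\n<html></html>")
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "X-XSS-Protection: 1; mode=block\r\n"
         "X-Content-Type-Options: nosniff\r\n"
         "X-Permitted-Cross-Domain-Policies: master-only\r\n\r\n<html></html>")

if __name__ == "__main__":
    for label, response in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(response) or "ok")
```

A header sent more than once is reported as a finding because browsers may combine or pick between duplicates differently.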