phpList / rest-api

This module is the REST API for phpList, powered by phpList 4
https://www.phplist.com/
GNU Affero General Public License v3.0

Add security headers to the default response #110

Closed xh3n1 closed 6 years ago

xh3n1 commented 6 years ago

Added security headers such as:

    'X-Content-Type-Options' => 'nosniff',
    'Content-Security-Policy' => "default-src 'none'",
    'X-Frame-Options' => 'DENY'

Fix #111
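
An added example, not part of this pull request or of phpList's code: a check that compares the header block of a raw HTTP response against the three headers listed above. The function name `auditSecurityHeaders` and the sample response are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Expected values are the three headers listed in the pull request description.
const EXPECTED_SECURITY_HEADERS = [
    'X-Content-Type-Options' => 'nosniff',
    'Content-Security-Policy' => "default-src 'none'",
    'X-Frame-Options' => 'DENY',
];

/**
 * Hypothetical helper (not phpList code): returns a list of problems found
 * in the header block of a raw HTTP response.
 *
 * @return string[]
 */
function auditSecurityHeaders(string $rawHeaderBlock): array
{
    // Collect every value per header name; header names are case-insensitive.
    $seen = [];
    foreach (preg_split('/\r?\n/', trim($rawHeaderBlock)) as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line or malformed line
        }
        [$name, $value] = explode(':', $line, 2);
        $seen[strtolower(trim($name))][] = trim($value);
    }

    $problems = [];
    foreach (EXPECTED_SECURITY_HEADERS as $name => $expected) {
        $values = $seen[strtolower($name)] ?? [];
        if ($values === []) {
            $problems[] = "$name is missing";
        } elseif (count($values) > 1) {
            // Design choice of this example: a repeated header is reported as ambiguous.
            $problems[] = "$name is sent " . count($values) . ' times';
        } elseif (strcasecmp($values[0], $expected) !== 0) {
            $problems[] = "$name is \"{$values[0]}\", expected \"$expected\"";
        }
    }
    return $problems;
}

// Constructed sample response: one header weakened, one missing.
$sample = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
    . "x-content-type-options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\n";

foreach (auditSecurityHeaders($sample) as $problem) {
    echo $problem, PHP_EOL;
}
```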

xh3n1 commented 6 years ago

@oliverklee Thank you for the review 😄 I made the changes, and actually wrote a system test for the SecuredViewHandler. Also fixed #112

xh3n1 commented 6 years ago

Thanks for the review, @oliverklee. I applied the requested coding style and rebased to master. I hope that I didn't miss anything. Just a question about changelog.md: under which release should I add the changes?

oliverklee commented 6 years ago

> Just a question about changelog.md, under which release should I add the changes?

Under "x.y.z (next release)", please.

xh3n1 commented 6 years ago

OK, thanks @oliverklee, I will create another PR for that.

oliverklee commented 6 years ago

> I will create another PR for that.

Optimally, the changelog entry for a PR should be part of the same PR.