Fix http header

2025-02-20 13:46:52 +01:00 · 2022-07-14 14:59:28 +02:00 · 2022-07-14 14:59:28 +02:00 · a55ab27c67
commit a55ab27c67
parent a26931594c
1 changed files with 8 additions and 0 deletions
--- a/htdocs/install/inc.php
+++ b/htdocs/install/inc.php
@ -195,6 +195,10 @@ if (preg_match('/install\.lock/i', $_SERVER["SCRIPT_FILENAME"])) {
 		$langs->setDefaultLang('auto');
 	}
 	$langs->load("install");
+
+	header("X-Content-Type-Options: nosniff");
+	header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
+
 	print $langs->trans("YouTryInstallDisabledByDirLock");
 	if (!empty($dolibarr_main_url_root)) {
 		print 'Click on following link, <a href="'.$dolibarr_main_url_root.'/admin/index.php?mainmenu=home&leftmenu=setup'.(GETPOSTISSET("login") ? '&username='.urlencode(GETPOST("login")) : '').'">';
@ -216,6 +220,10 @@ if (@file_exists($lockfile)) {
 		$langs->setDefaultLang('auto');
 	}
 	$langs->load("install");
+
+	header("X-Content-Type-Options: nosniff");
+	header("X-Frame-Options: SAMEORIGIN"); // Frames allowed only if on same domain (stop some XSS attacks)
+
 	print $langs->trans("YouTryInstallDisabledByFileLock");
 	if (!empty($dolibarr_main_url_root)) {
 		print $langs->trans("ClickOnLinkOrRemoveManualy").'<br>';