Home Explore Help
Sign In
RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Files Issues 23 Wiki
Browse Source

Sort headers

Signed-off-by: J0WI <J0WI@users.noreply.github.com>
J0WI 4 years ago
parent
76cbd7db6e
commit
3f2932c75a
2 changed files with 8 additions and 8 deletions
Split View Show Diff Stats
  1. 4 4
      .htaccess
  2. 4 4
      lib/private/legacy/response.php

+ 4 - 4
.htaccess
View File 

@@ -11,13 +11,13 @@
 
 
   <IfModule mod_env.c>
 
     # Add security and privacy related headers
 
+    Header set Referrer-Policy "no-referrer"
 
     Header set X-Content-Type-Options "nosniff"
 
-    Header set X-XSS-Protection "1; mode=block"
 
-    Header set X-Robots-Tag "none"
 
     Header set X-Download-Options "noopen"
 
-    Header set X-Permitted-Cross-Domain-Policies "none"
 
-    Header set Referrer-Policy "no-referrer"
 
     Header set X-Frame-Options "SAMEORIGIN"
 
+    Header set X-Permitted-Cross-Domain-Policies "none"
 
+    Header set X-Robots-Tag "none"
 
+    Header set X-XSS-Protection "1; mode=block"
 
     SetEnv modHeadersAvailable true
 
   </IfModule>

+ 4 - 4
lib/private/legacy/response.php
View File 

@@ -98,13 +98,13 @@ class OC_Response {
 
 		// Send fallback headers for installations that don't have the possibility to send
 
 		// custom headers on the webserver side
 
 		if(getenv('modHeadersAvailable') !== 'true') {
 
-			header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
 
+			header('Referrer-Policy: no-referrer'); // https://www.w3.org/TR/referrer-policy/
 
 			header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
 
-			header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
 
 			header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx
 
-			header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
 
-			header('Referrer-Policy: no-referrer'); // https://www.w3.org/TR/referrer-policy/
 
 			header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
 
+			header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
 
+			header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
 
+			header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
 
 		}
 
 	}