- <?php
/**
 * Static helpers that emit HTTP response headers: Content-Disposition,
 * Content-Length and a baseline set of browser security headers.
 *
 * Every method writes directly to the response via header(); none of them
 * returns a value.
 */
class OC_Response {
    /**
     * Send a Content-Disposition header for the given file name.
     *
     * Both values are passed through rawurlencode() before they are placed in
     * the header, so quotes, CR/LF and any other non-unreserved characters in
     * a user-supplied name are percent-encoded and cannot close the quoted
     * string or start a new header line.
     *
     * @param string $filename name offered to the client for the download
     * @param string $type     disposition type, 'attachment' by default
     */
    public static function setContentDispositionHeader($filename, $type = 'attachment') {
        // Clients matched here only receive the plain filename="" parameter.
        // NOTE(review): presumably they mishandle the filename*= form — confirm.
        $legacyClient = \OC::$server->getRequest()->isUserAgent([
            \OC\AppFramework\Http\Request::USER_AGENT_IE,
            \OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME,
            \OC\AppFramework\Http\Request::USER_AGENT_FREEBOX,
        ]);

        $disposition = rawurlencode($type);
        $encodedName = rawurlencode($filename);
        $plainParam = '; filename="' . $encodedName . '"';

        if ($legacyClient) {
            header('Content-Disposition: ' . $disposition . $plainParam);
            return;
        }

        // Extended UTF-8 parameter first, plain parameter as the fallback.
        header('Content-Disposition: ' . $disposition . '; filename*=UTF-8\'\'' . $encodedName . $plainParam);
    }

    /**
     * Send a Content-Length header.
     *
     * On 32-bit PHP builds the header is skipped entirely when the length
     * exceeds PHP_INT_MAX and the SAPI name starts with "apache"; otherwise
     * the value is first run through LargeFileHelper::formatUnsignedInteger().
     * On other builds the value is used as given.
     *
     * The value is not validated here, so callers are expected to pass a
     * number rather than request-derived text.
     *
     * @param int|float|string $length body size in bytes
     */
    public static function setContentLengthHeader($length) {
        $is32BitBuild = PHP_INT_SIZE === 4;

        // NOTE(review): the reason for omitting the header under Apache is not
        // visible in this listing — presumably the SAPI cannot carry a value
        // above PHP_INT_MAX; confirm before changing.
        if ($is32BitBuild && $length > PHP_INT_MAX && stripos(PHP_SAPI, 'apache') === 0) {
            return;
        }

        if ($is32BitBuild) {
            $helper = new \OC\LargeFileHelper;
            $length = $helper->formatUnsignedInteger($length);
        }

        header('Content-Length: ' . $length);
    }

    /**
     * Send the Content-Security-Policy header and, unless the environment
     * reports that the web server already adds them, the fallback hardening
     * headers.
     *
     * Policy as written: scripts are limited to the same origin plus the
     * nonce from the nonce manager, plugins are blocked (object-src 'none')
     * and <base> is pinned to the same origin. Inline styles are allowed
     * ('unsafe-inline'), and frame-src, media-src, connect-src and img-src
     * accept any origin, so the policy does not restrict where a page may
     * connect or what it may frame.
     */
    public static function addSecurityHeaders() {
        // The nonce is placed inside a quoted source expression; this relies
        // on the manager returning a value without quotes or whitespace.
        $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce();

        $directives = [
            'default-src \'self\'; ',
            'script-src \'self\' \'nonce-' . $nonce . '\'; ',
            'style-src \'self\' \'unsafe-inline\'; ',
            'frame-src *; ',
            'img-src * data: blob:; ',
            'font-src \'self\' data:; ',
            'media-src *; ',
            'connect-src *; ',
            'object-src \'none\'; ',
            'base-uri \'self\'; ',
        ];
        header('Content-Security-Policy:' . implode('', $directives));

        // Only the exact string 'true' suppresses the fallback headers.
        // NOTE(review): presumably the web server configuration sets this
        // variable when it sends the headers itself; if the variable is set
        // but the server does not send them, responses go out without them —
        // verify in the deployed configuration.
        if (getenv('modHeadersAvailable') === 'true') {
            return;
        }

        $fallbackHeaders = [
            'Referrer-Policy: no-referrer',
            'X-Content-Type-Options: nosniff',
            'X-Frame-Options: SAMEORIGIN',
            'X-Permitted-Cross-Domain-Policies: none',
            'X-Robots-Tag: noindex, nofollow',
            // Legacy header: current browsers no longer act on it, so the CSP
            // above is the effective script-injection control.
            'X-XSS-Protection: 1; mode=block',
        ];
        foreach ($fallbackHeaders as $headerLine) {
            header($headerLine);
        }
    }
}