
Samuel Herrera SamuelHerrera

  • 4THS
  • Merida Yucatan
SamuelHerrera / cloudSettings
Created October 6, 2020 14:21 — forked from samuelherrera22/cloudSettings
Visual Studio Code Settings Sync Gist
{"lastUpload":"2020-10-06T14:03:27.871Z","extensionVersion":"v3.4.3"}
SamuelHerrera / cspheader.php
Created December 10, 2017 10:32 — forked from phpdave/cspheader.php
CSP Header for PHP or Apache or .htaccess - Content Security Policy
<?php
// CSP only works in modern browsers: Chrome 25+, Firefox 23+, Safari 7+
$headerCSP = "Content-Security-Policy: " .
    "connect-src 'self'; " .              // XMLHttpRequest (AJAX), WebSocket or EventSource targets
    "default-src 'self'; " .              // default policy for loading HTML elements
    "frame-ancestors 'self'; " .          // who may frame this page; blocks clickjacking and UI redress
    "frame-src 'none'; " .                // valid sources for frames
    "media-src 'self' *.example.com; " .  // valid sources for <audio> and <video> src
    "object-src 'none'; " .               // valid sources for <object>, <embed> and <applet>
    "report-uri https://example.com/violationReportForCSP.php;"; // URL that receives a raw JSON violation report via POST, saying what was blocked
// Send the header before any output is emitted
header($headerCSP);