| 26 |
==== Private Properties ====
|
26 |
====Private Properties====
|
| 27 |
|
27 |
|
| 28 |
|
28 |
#|
|
| |
|
29 |
*| Property | Type | Description |*
|
| |
|
30 |
|| ##$db## | object | Database connection reference ||
|
| |
|
31 |
|| ##$tls_mark## | string | Cookie name for TLS session marking ||
|
| |
|
32 |
|| ##$page## | string | Current page name being processed ||
|
| |
|
33 |
|| ##$hash## | string | SHA1 hash of the page name ||
|
| |
|
34 |
|| ##$query## | string | Encoded query string ||
|
| |
|
35 |
|| ##$lang## | string | Current language code ||
|
| |
|
36 |
|| ##$file## | string | Cache file path ||
|
| |
|
37 |
|| ##$caching## | int | Flag indicating if page should be cached (0 or 1) ||
|
| |
|
38 |
|#
|
| |
|
39 |
|
| |
|
40 |
----
|
| 222 |
===== ##http_security_headers(): void## =====
|
234 |
=====##http_security_headers(): void##=====
|
| 223 |
|
235 |
|
| 224 |
|
236 |
Sets security-related HTTP headers.
|
| |
|
237 |
|
| |
|
238 |
**Headers Set:**
|
| |
|
239 |
|
| |
|
240 |
#|
|
| |
|
241 |
*| Header | Purpose | Config Key |*
|
| |
|
242 |
|| Content-Security-Policy | XSS/injection protection | ##csp## ||
|
| |
|
243 |
|| Permissions-Policy | Control browser features | ##permissions_policy## ||
|
| |
|
244 |
|| Referrer-Policy | Control referrer information | ##referrer_policy## ||
|
| |
|
245 |
|| Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
|
| |
|
246 |
|| X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
|
| |
|
247 |
|| X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
|
| |
|
248 |
|#
|
| |
|
249 |
|
| |
|
250 |
**CSP Configuration Options:**
|
| |
|
251 |
- ##0## - Disabled
|
| |
|
252 |
- ##1## - Default policy (from ##csp.conf##)
|
| |
|
253 |
- ##2## - Custom policy (from ##csp_custom.conf##)
|
| |
|
254 |
|
| |
|
255 |
**Example:**
|
| |
|
256 |
%%php
|
| |
|
257 |
$http->http_security_headers();
|
| |
|
258 |
%%
|
| |
|
259 |
|
| |
|
260 |
----
|