I want to add some additional headers/ header fields to my http response header. There should be these additions lines in my response when someone gets to any of my pages:
Content-Security-Policy: default-src 'self'; font-src 'self' https://fonts.googleapis.com
Does anyone know how I can achieve this?
Using mod_headers in my
.htaccess does not work, because php files are ignored.
Simply calling the php-function
header("my header text") has also not worked. I added them in my first snippet right before the beginning of all the html stuff.
I´m using apache and php 5.6 on uberspace. Thank you.
EDIT: It works fine on my local machine, but not on the server. I currently don´t know why.
The problem is, that I use caching in to production environment! And a cached site does not execute any functions any more.
How can I utilize the
c::set('headers',array()); found in the cheat sheet option without having to add all of my templates?
Unfortunately you can’t (yet). That would require some kind of wildcard template definition (like a key of
*, of which all headers will be applied to every template additionally to the specific headers).
The relevant code is in page.php. It would be awesome if you could open a PR on GitHub for that feature (using array merging for example).
I would take a look in the next few days.
Because I´m trying to implement some of the security options mentions in https://httpsecurityreport.com I will try to solve this topic http://forum.getkirby.com/t/more-secure-php-session-cookie/1828 too.
The code is ready to be pulled: kirby/pull/294
And there is an corresponding docs update as well, linked to the pull request.