Changelog entry for bug #3383711. Some formatting
[phpmyadmin/crack.git] / libraries / header_http.inc.php
blob9ad890dba9c060cab8aa89b42205b87991a3251f
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
5 * @package phpMyAdmin
6 */
7 if (! defined('PHPMYADMIN')) {
8 exit;
11 /**
14 if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
15 die("GLOBALS overwrite attempt");
18 /**
19 * Sends http headers
21 $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
22 /* Prevent against ClickJacking by allowing frames only from same origin */
23 if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
24 header('X-Frame-Options: SAMEORIGIN');
25 header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'; img-src \'self\' data:; script-src \'self\' www.phpmyadmin.net');
27 header('Expires: ' . $GLOBALS['now']); // rfc2616 - Section 14.21
28 header('Last-Modified: ' . $GLOBALS['now']);
29 header('Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
30 header('Pragma: no-cache'); // HTTP/1.0
31 if (!defined('IS_TRANSFORMATION_WRAPPER')) {
32 // Define the charset to be used
33 header('Content-Type: text/html; charset=' . $GLOBALS['charset']);