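<?php

declare(strict_types=1);

/*
 * Builds and sends the site's Content-Security-Policy response header.
 *
 * Must run before any output is produced (header() has no effect once the
 * response body has started) and after the session has been started, because
 * the inline script/style nonce is taken from $_SESSION["nonce"].
 *
 * Every fetch directive that is not listed below falls back to
 * default-src 'none', so object-src, media-src, child-src and friends are
 * denied unless a more specific directive grants them. worker-src inherits
 * from script-src through that fallback chain.
 */

$default_src = [
    "'none'",
];
$connect_src = [
    "'self'",
    "https://www.google-analytics.com",
];
$font_src = [
    "'self'",
    "data:",
    "https://fonts.gstatic.com",
];
$form_action = [
    "'self'",
];
$frame_src = [
    "https://bid.g.doubleclick.net",
    "https://www.google.com",
    "https://www.youtube-nocookie.com",
];
$img_src = [
    "'self'",
    // data: images are generally considered low risk (no script execution),
    // but they do let injected markup embed arbitrary image bytes.
    "data:",
    "https://*.ebaystatic.com",
    "https://*.googleusercontent.com",
    "https://*.mzstatic.com",
    "https://*.wal.co",
    "https://*.walmartimages.com",
    "https://abs.twimg.com",
    "https://ad.linksynergy.com",
    "https://assets.sheetmusicplus.com",
    "https://beacon.affil.walmart.com",
    "https://cj.dotomi.com",
    "https://images-na.ssl-images-amazon.com",
    "https://images.samash.com",
    "https://img.discogs.com",
    "https://m.media-amazon.com",
    "https://platform-lookaside.fbsbx.com",
    "https://ssl.gstatic.com",
    "https://stats.g.doubleclick.net",
    "https://t.co",
    "https://transform.dis.commercecloud.salesforce.com",
    "https://via.placeholder.com",
    "https://www.awltovhc.com",
    "https://www.emjcd.com",
    "https://www.facebook.com",
    "https://www.ftjcfx.com",
    "https://www.fye.com",
    "https://www.google-analytics.com",
    "https://www.google.com",
    "https://www.googletagmanager.com",
    "https://www.gstatic.com",
    "https://www.lduhtrp.net",
    "https://www.musicnotes.com",
    "https://www.tqlkg.com",
    "https://www.yceml.net",
    "https://www0.alibris-static.com",
];

// Nonce for inline <script>/<style> elements. The templates must emit the
// identical value as nonce="..." on every inline element they render,
// otherwise nonce-aware browsers block those elements (see 'unsafe-inline'
// below for why the fallback does not rescue them).
//
// NOTE(review): the value is session-scoped here, so it is reused across
// responses for the life of the session. CSP guidance is a fresh,
// unguessable nonce per response, since a nonce that an attacker can learn
// from any earlier page defeats the restriction. Regenerating it on every
// request is only safe if no template reads $_SESSION["nonce"] before this
// file runs - confirm the include order before changing it.
$session_nonce = $_SESSION["nonce"] ?? '';
if ($session_nonce === '') {
    // Without a value the source would be the malformed token 'nonce-',
    // which browsers ignore, silently degrading the policy to 'unsafe-inline'.
    // Mint a random one so the header and any later template agree.
    $session_nonce = random_bytes(16);
    $_SESSION["nonce"] = $session_nonce;
}
$nonce_source = "'nonce-" . base64_encode($session_nonce) . "'";

$script_src = [
    "'self'",
    $nonce_source,
    // Compatibility fallback only: browsers that understand nonce-/hash-
    // sources are required to ignore 'unsafe-inline' when one is present, so
    // for them the nonce is what actually gates inline script. Browsers that
    // predate nonces honour 'unsafe-inline' and get no inline-script
    // protection at all.
    "'unsafe-inline'", // compatibility
    // NOTE(review): allowing whole library CDNs (ajax.googleapis.com,
    // cdnjs.cloudflare.com, maxcdn.bootstrapcdn.com) and www.google.com by
    // host is a well-known CSP-bypass pattern: an injected <script src> can
    // pull a JSONP endpoint or a framework such as AngularJS from those hosts
    // and run attacker-controlled code within the policy. Narrow these to the
    // exact library paths in use, or switch to 'strict-dynamic' with the nonce
    // so host allowlists stop mattering.
    "https://ajax.googleapis.com",
    "https://analytics.twitter.com",
    "https://cdnjs.cloudflare.com",
    "https://connect.facebook.net/",
    "https://googleads.g.doubleclick.net",
    "https://maxcdn.bootstrapcdn.com",
    "https://ssl.google-analytics.com",
    "https://ssl.gstatic.com",
    "https://tagmanager.google.com",
    "https://static.ads-twitter.com",
    "https://www.google-analytics.com",
    "https://www.google.com",
    "https://www.googleadservices.com",
    "https://www.googletagmanager.com",
    "https://www.gstatic.com",
    "https://cdn.datatables.net",
];
$style_src = [
    "'self'",
    $nonce_source,
    // Same fallback semantics as in script-src: ignored by nonce-aware
    // browsers, honoured by older ones.
    "'unsafe-inline'", // compatibility
    "https://fonts.googleapis.com",
    "https://maxcdn.bootstrapcdn.com/bootstrap/",
    "https://tagmanager.google.com",
    "https://cdn.datatables.net",
];
// Clickjacking protection. Browsers that predate frame-ancestors only honour
// X-Frame-Options; pairing the two is the usual recommendation if such
// clients matter here.
$frame_ancestors = [
    "'self'",
];
$manifest_src = [
    "'self'",
];
// Blocks <base href> injection, which could otherwise redirect every relative
// script URL above to an attacker host.
$base_uri = [
    "'self'",
];
// report-uri is deprecated in favour of report-to (which also needs a
// Reporting-Endpoints header) but is still the directive with the broadest
// browser support; keep it until report-to is added alongside it.
$report_uri = [
    "https://www.findcheapmusic.com/violationReportForCSP.php",
];

// Serialise each directive as "<name> <space-separated sources>".
$csp = [
    "default-src " . implode(" ", $default_src),
    "connect-src " . implode(" ", $connect_src),
    "font-src " . implode(" ", $font_src),
    "form-action " . implode(" ", $form_action),
    "frame-src " . implode(" ", $frame_src),
    "img-src " . implode(" ", $img_src),
    "script-src " . implode(" ", $script_src),
    "style-src " . implode(" ", $style_src),
    "frame-ancestors " . implode(" ", $frame_ancestors),
    "manifest-src " . implode(" ", $manifest_src),
    "base-uri " . implode(" ", $base_uri),
    "report-uri " . implode(" ", $report_uri),
];

// Directives are ';'-separated; whitespace after the separator is optional.
// header() replaces any CSP header set earlier in the request.
header("Content-Security-Policy: " . implode(";", $csp));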