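<?php
/*
 * Builds the site's Content-Security-Policy header and sends it.
 *
 * Each $<directive> array below lists the allowed sources for one CSP
 * directive. They are assembled into the policy string at the bottom and
 * emitted with header(), so this file has to be included before any output
 * is written to the response -- otherwise header() fails with a warning.
 *
 * The nonce for inline scripts/styles is read from $_SESSION["nonce"].
 * NOTE(review): this file does not show where that value is generated;
 * confirm it comes from a CSPRNG (random_bytes) and is rotated per request.
 * It is base64-encoded here because the 'nonce-...' source expression
 * requires a base64 value.
 */

// Nonce source expression, or an empty list when no session nonce exists.
// Building "'nonce-'" around an empty value would produce an invalid source
// expression and raise an undefined-index notice; omitting it instead lets the
// 'unsafe-inline' fallback below keep inline assets working.
$nonce_source = [];
if (isset($_SESSION["nonce"]) && $_SESSION["nonce"] !== "") {
    $nonce_source[] = "'nonce-" . base64_encode((string) $_SESSION["nonce"]) . "'";
}

// Everything not covered by a more specific directive is blocked.
$default_src = [
    "'none'",
];

$connect_src = [
    "'self'",
    "https://www.google-analytics.com",
];

$font_src = [
    "'self'",
    "data:",
    "https://fonts.gstatic.com",
];

$form_action = [
    "'self'",
];

$frame_src = [
    "https://bid.g.doubleclick.net",
    "https://www.google.com",
    "https://www.youtube-nocookie.com",
];

// Image hosts: mostly affiliate/retailer CDNs plus analytics beacons.
$img_src = [
    "'self'",
    "data:",
    "https://*.ebaystatic.com",
    "https://*.googleusercontent.com",
    "https://*.mzstatic.com",
    "https://*.wal.co",
    "https://*.walmartimages.com",
    "https://abs.twimg.com",
    "https://ad.linksynergy.com",
    "https://assets.sheetmusicplus.com",
    "https://beacon.affil.walmart.com",
    "https://cj.dotomi.com",
    "https://images-na.ssl-images-amazon.com",
    "https://images.samash.com",
    "https://img.discogs.com",
    "https://m.media-amazon.com",
    "https://platform-lookaside.fbsbx.com",
    "https://ssl.gstatic.com",
    "https://t.co",
    "https://transform.dis.commercecloud.salesforce.com",
    "https://via.placeholder.com",
    "https://www.awltovhc.com",
    "https://www.emjcd.com",
    "https://www.facebook.com",
    "https://www.ftjcfx.com",
    "https://www.fye.com",
    "https://www.google-analytics.com",
    "https://www.google.com",
    "https://www.googletagmanager.com",
    "https://www.gstatic.com",
    "https://www.lduhtrp.net",
    "https://www.musicnotes.com",
    "https://www.tqlkg.com",
    "https://www.yceml.net",
    "https://www0.alibris-static.com",
];

// 'unsafe-inline' is kept only as a fallback for browsers that predate nonce
// support: browsers that understand nonces ignore 'unsafe-inline' whenever a
// nonce source is present, so it does not weaken the policy for them.
$script_src = array_merge(
    ["'self'"],
    $nonce_source,
    [
        "'unsafe-inline'",
        "https://ajax.googleapis.com",
        "https://analytics.twitter.com",
        "https://cdnjs.cloudflare.com",
        "https://connect.facebook.net/",
        "https://googleads.g.doubleclick.net",
        "https://maxcdn.bootstrapcdn.com",
        "https://ssl.google-analytics.com",
        "https://ssl.gstatic.com",
        "https://tagmanager.google.com",
        "https://static.ads-twitter.com",
        "https://www.google-analytics.com",
        "https://www.google.com",
        "https://www.googleadservices.com",
        "https://www.googletagmanager.com",
        "https://www.gstatic.com",
        "https://cdn.datatables.net",
    ]
);

// Same nonce / 'unsafe-inline' fallback arrangement as script-src.
$style_src = array_merge(
    ["'self'"],
    $nonce_source,
    [
        "'unsafe-inline'",
        "https://fonts.googleapis.com",
        "https://maxcdn.bootstrapcdn.com/bootstrap/",
        "https://tagmanager.google.com",
        "https://cdn.datatables.net",
    ]
);

// Only this origin may embed the site in a frame (clickjacking protection).
$frame_ancestors = [
    "'self'",
];

$manifest_src = [
    "'self'",
];

// Pins <base href> to this origin so injected markup cannot redirect relative URLs.
$base_uri = [
    "'self'",
];

// report-uri is deprecated in favour of report-to but is still the more widely
// honoured of the two.
$report_uri = [
    "https://www.findcheapmusic.com/violationReportForCSP.php",
];

// Directive name => source list, in the order they appear in the header.
$directives = [
    "default-src"     => $default_src,
    "connect-src"     => $connect_src,
    "font-src"        => $font_src,
    "form-action"     => $form_action,
    "frame-src"       => $frame_src,
    "img-src"         => $img_src,
    "script-src"      => $script_src,
    "style-src"       => $style_src,
    "frame-ancestors" => $frame_ancestors,
    "manifest-src"    => $manifest_src,
    "base-uri"        => $base_uri,
    "report-uri"      => $report_uri,
];

$csp = [];
foreach ($directives as $directive => $sources) {
    $csp[] = $directive . " " . implode(" ", $sources);
}

header("Content-Security-Policy: " . implode(";", $csp));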