* Kein xhtml-support mehr, daher muss content-type nicht

konfigurierbar sein. * Security-Header X-Frame-Options wie andere header über .htaccess. * Auskommentiertes Debugging raus.
schokokeksorg · Apr 13, 2024 · 572cf3f · 572cf3f
1 parent 84e38c4
commit 572cf3f
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 11 deletions.
diff --git a/.htaccess b/.htaccess
@@ -12,6 +12,7 @@
 Redirect /.well-known/change-password /go/index/chpass
 
 header always set X-Content-Type-Options nosniff
+header always set X-Frame-Options DENY
 
 RewriteEngine On
 RewriteBase /

diff --git a/inc/top.php b/inc/top.php
@@ -29,13 +29,8 @@
             include("modules/{$module}/menu.php");
         }
         if (empty($menu)) {
-            #DEBUG("Modul {$module} hat keine Menüeinträge");
             continue;
         }
-        // Menüeinträge spammen den debug-output zu
-        //DEBUG("<h4>$module</h4>");
-        //DEBUG($menu);
-        // $menu["foo"]["file"] enthält den Link
         foreach (array_keys($menu) as $key) {
             $menu[$key]["file"] = $prefix . "go/" . $module . "/" . $menu[$key]["file"];
             $weight = $menu[$key]["weight"];
@@ -73,17 +68,11 @@
     }
 
     ksort($weighted_menuitem);
-    #DEBUG($weighted_menuitem);
 
     foreach ($submenu as $weight => $data) {
         ksort($submenu[$weight]);
     }
 
-    #DEBUG($submenu);
-
-    // Verbiete das Laden in jeglichem Frameset
-    header("X-FRAME-OPTIONS: DENY");
-    header("Content-Type: " . config('mime_type'));
 
     if (!isset($html_header)) {
         $html_header = '';