Add P3P headers to avoid potential issues with IE

author: Frederic Guillot <fred@kanboard.net> 2016-11-09 19:11:51 -0500
committer: Frederic Guillot <fred@kanboard.net> 2016-11-09 19:11:51 -0500
commit: 544da3150a5085cebd8c043698d607efe873e19f (patch)
tree: 0cfc32d5adb1727641e140fee2a658a8427d5393 /app
parent: d261f4146d3bf2fb069f72067ba0a52e8e13dce3 (diff)
2 files changed, 13 insertions, 0 deletions
diff --git a/app/Core/Http/Response.php b/app/Core/Http/Response.php
index 0f16fb65..0af763a6 100644
--- a/app/Core/Http/Response.php
+++ b/app/Core/Http/Response.php
@@ -129,6 +129,18 @@ class Response extends Base
     }
 
     /**
+     * Add P3P headers for Internet Explorer
+     *
+     * @access public
+     * @return $this
+     */
+    public function withP3P()
+    {
+        $this->withHeader('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
+        return $this;
+    }
+
+    /**
      * Set HTTP response body
      *
      * @access public
diff --git a/app/Middleware/BootstrapMiddleware.php b/app/Middleware/BootstrapMiddleware.php
index 727f600c..778221b3 100644
--- a/app/Middleware/BootstrapMiddleware.php
+++ b/app/Middleware/BootstrapMiddleware.php
@@ -32,6 +32,7 @@ class BootstrapMiddleware extends BaseMiddleware
     {
         $this->response->withContentSecurityPolicy($this->container['cspRules']);
         $this->response->withSecurityHeaders();
+        $this->response->withP3P();
 
         if (ENABLE_XFRAME) {
             $this->response->withXframe();
author	Frederic Guillot <fred@kanboard.net>	2016-11-09 19:11:51 -0500
committer	Frederic Guillot <fred@kanboard.net>	2016-11-09 19:11:51 -0500
commit	544da3150a5085cebd8c043698d607efe873e19f (patch)
tree	0cfc32d5adb1727641e140fee2a658a8427d5393 /app
parent	d261f4146d3bf2fb069f72067ba0a52e8e13dce3 (diff)