From 544da3150a5085cebd8c043698d607efe873e19f Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Wed, 9 Nov 2016 19:11:51 -0500
Subject: Add P3P headers to avoid potential issues with IE

---
 app/Core/Http/Response.php             | 12 ++++++++++++
 app/Middleware/BootstrapMiddleware.php |  1 +
 2 files changed, 13 insertions(+)

(limited to 'app')

diff --git a/app/Core/Http/Response.php b/app/Core/Http/Response.php
index 0f16fb65..0af763a6 100644
--- a/app/Core/Http/Response.php
+++ b/app/Core/Http/Response.php
@@ -128,6 +128,18 @@ class Response extends Base
         return $this;
     }
 
+    /**
+     * Add P3P headers for Internet Explorer
+     *
+     * @access public
+     * @return $this
+     */
+    public function withP3P()
+    {
+        $this->withHeader('P3P', 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
+        return $this;
+    }
+
     /**
      * Set HTTP response body
      *
diff --git a/app/Middleware/BootstrapMiddleware.php b/app/Middleware/BootstrapMiddleware.php
index 727f600c..778221b3 100644
--- a/app/Middleware/BootstrapMiddleware.php
+++ b/app/Middleware/BootstrapMiddleware.php
@@ -32,6 +32,7 @@ class BootstrapMiddleware extends BaseMiddleware
     {
         $this->response->withContentSecurityPolicy($this->container['cspRules']);
         $this->response->withSecurityHeaders();
+        $this->response->withP3P();
 
         if (ENABLE_XFRAME) {
             $this->response->withXframe();
-- 
cgit v1.2.3