├── CHANGELOG.md
├── assets
    ├── lupe.gif
    ├── refresh.gif
    ├── reset.gif
    ├── indicator.gif
    ├── sortierung.gif
    ├── style-darkmode.css
    └── style.css
├── uninstall.php
├── README.md
├── package.yml
├── LICENSE
├── lang
    ├── en_gb.lang
    ├── dk_dk.lang
    ├── nl_nl.lang
    └── de_de.lang
├── install.php
├── functions
    └── functions.inc.php
├── pages
    ├── help.inc.php
    ├── index.php
    └── default.inc.php
└── boot.php


/CHANGELOG.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FriendsOfREDAXO/httpheader/main/CHANGELOG.md


--------------------------------------------------------------------------------
/assets/lupe.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FriendsOfREDAXO/httpheader/main/assets/lupe.gif


--------------------------------------------------------------------------------
/assets/refresh.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FriendsOfREDAXO/httpheader/main/assets/refresh.gif


--------------------------------------------------------------------------------
/assets/reset.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FriendsOfREDAXO/httpheader/main/assets/reset.gif


--------------------------------------------------------------------------------
/assets/indicator.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FriendsOfREDAXO/httpheader/main/assets/indicator.gif


--------------------------------------------------------------------------------
/assets/sortierung.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/FriendsOfREDAXO/httpheader/main/assets/sortierung.gif


--------------------------------------------------------------------------------
/uninstall.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | /*
 3 | 	Redaxo-Addon HTTP-Header
 4 | 	Deinstallation
 5 | 	v1.0
 6 | 	by Falko Müller @ 2021
 7 | 	package: redaxo5
 8 | */
 9 | 
10 | //Variablen deklarieren
11 | $mypage = $this->getProperty('package');
12 | $error = ""; $notice = "";
13 | 
14 | 
15 | //Datenbank-Einträge löschen
16 | 
17 | 
18 | //Module löschen
19 | 
20 | 
21 | //Aktionen löschen
22 | 
23 | 
24 | //Templates löschen
25 | ?>


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | HTTP-Header
 2 | ===========
 3 | 
 4 | Aktivierung verschiedener Webseiten-Header zur Einstellung von Sicherheitsmaßnahmen und Optimierungen.
 5 | 
 6 | Zu beachten ist, dass nicht alle Header von allen Browsern berücksichtigt werden und dass der verwendete Webserver die jeweilige Aktivierung unterstützen muss.
 7 | 
 8 | 
 9 | Einstellbare Header
10 | -------------------
11 | - Connection: keep-alive
12 | - Vary: Accept-Encoding
13 | - Unterdrückung der Serverkennung
14 | - Unterdrückung der Kennung X-Powered-By
15 | - X-Content-Type-Options: nosniff
16 | - X-Frame-Options
17 | - X-XSS-Protection
18 | - Referrer-Policy
19 | - Strict-Transport-Security
20 | - Content-Security-Policy
21 | - Feature-/Permissions-Policy
22 | 
23 | -----
24 | 
25 | ### Changelog
26 | siehe CHANGELOG.md des AddOns


--------------------------------------------------------------------------------
/package.yml:
--------------------------------------------------------------------------------
 1 | # Alle hier gesetzten Werte können über $addon->getProperty($key) abgefragt werden
 2 | 
 3 | package: httpheader																							#Pflichtfeld
 4 | version: '1.1.3'																								#Pflichtfeld
 5 | author: Friends Of REDAXO
 6 | supportpage: https://github.com/FriendsOfREDAXO/httpheader
 7 | 
 8 | page:
 9 |     title: 'translate:a1656_title' 																			#Werte die mit "translate:" beginnen kommen aus der Sprachdatei.
10 |     perm: httpheader[]
11 |     icon: rex-icon fa-exclamation-triangle
12 |     subpages:
13 |         default: { title: 'translate:a1656_default' }
14 |         help: { title: 'translate:a1656_help', icon: rex-icon fa-info-circle, itemclass: pull-right }
15 | 
16 | requires:
17 |     redaxo: '^5.10.0' 																						#benötigt mindestens REDAXO 5.10
18 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2019 Friends Of REDAXO
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/assets/style-darkmode.css:
--------------------------------------------------------------------------------
 1 | @charset "utf-8";
 2 | /* CSS Document for HTTP-Header - DarkMode */
 3 | /* v1.1 */
 4 | 
 5 | 
 6 | @media (prefers-color-scheme: dark){
 7 | 	
 8 | 	body:not(.rex-theme-light) .boxed-group { background: #242f3c; }
 9 | 	
10 | 	body:not(.rex-theme-light) .hh-modal .modal-header { background: inherit; }
11 | 
12 | 	body:not(.rex-theme-light) .checkbox.toggle label input,
13 | 	body:not(.rex-theme-light) .radio.toggle label input
14 | 		{ background: #202b35; }
15 | 	body:not(.rex-theme-light) .checkbox.toggle label input::after, 
16 | 	body:not(.rex-theme-light) .radio.toggle label input::after, 
17 | 	body:not(.rex-theme-light) .radio.switch label input::before
18 | 		{ background: #CCC; }
19 | 
20 | 	body:not(.rex-theme-light) .checkbox.toggle label input:checked,
21 | 	body:not(.rex-theme-light) .radio.toggle label input:checked 
22 | 		{ background: #409be4; }
23 | 	body:not(.rex-theme-light) .checkbox.toggle label input:checked::after, 
24 | 	body:not(.rex-theme-light) .radio.toggle label input:checked::after, 
25 | 	body:not(.rex-theme-light) .radio.switch label input:checked::before
26 | 		{ background: #EEE; }
27 | 
28 | }


--------------------------------------------------------------------------------
/assets/style.css:
--------------------------------------------------------------------------------
 1 | @charset "utf-8";
 2 | /* CSS Document for HTTP-Header */
 3 | /* v1.0 */
 4 | 
 5 | .boxed-group { position: relative; background: rgba(255,255,255, 0.6); margin: 0px 0px 15px; padding: 15px 20px; border: #CCC; }
 6 | .boxed-group dl.form-group { margin-bottom: 0px; margin-top: 15px; }
 7 | 	.boxed-group dl.form-group:first-child { margin-top: 0px; }
 8 | 	.boxed-group .hiddencontent > dl:first-child { margin-top: 15px; }
 9 | 
10 | .boxed-group label.nobold { font-weight: normal; }
11 | 
12 | .cspblock { display: inline-block; vertical-align: top; min-width: 182px; margin: 0px 23px 18px 0px; padding: 7px 14px; transition: all .3s ease; }
13 | 	.cspblock:hover { background: #FFF; }
14 | .cspblock label { margin-right: 0px !important; }
15 | .cspblock ul { list-style: none; margin: 0px; padding: 0px;}
16 | .cspblock li { margin: 0px 0px 5px; }
17 | 
18 | 
19 | /* Header-Farben */
20 | .hh-risk { border-left: 3px solid orange; }
21 | .hh-highrisk { border-left: 3px solid #D9534F; }
22 | 
23 | /* Checkbox-Toggler */
24 | label input[type=checkbox].toggle { -webkit-appearance: none; -moz-appearance: none; appearance: none; width: 3em; height: 1.5em; background: #ddd; vertical-align: middle; border-radius: 1.6em; position: relative; outline: 0; margin-top: -3px; margin-right: 10px; cursor: pointer; -webkit-transition: background 0.1s ease-in-out; transition: background 0.1s ease-in-out; }
25 | 	label input[type=checkbox].toggle::after { content: ''; width: 1.5em; height: 1.5em; background: white; position: absolute; border-radius: 1.2em; -webkit-transform: scale(0.7); transform: scale(0.7); left: 0; box-shadow: 0 1px rgba(0, 0, 0, 0.5); -webkit-transition: left 0.1s ease-in-out; transition: left 0.1s ease-in-out; }
26 | label input[type=checkbox].toggle:checked { background: #5791CE; }
27 | 	label input[type=checkbox].toggle:checked::after { left: 1.5em; }
28 | 
29 | /* Checkbox-Toggler small */
30 | .includebackend { text-align: right; zoom: 0.75; margin: 0px; position: absolute; top: 13px; right: 13px; }
31 | .includebackend label { margin-right: 0px !important; }
32 | .includebackend label input[type=checkbox].toggle { margin-right: 8px; }
33 | 
34 | 
35 | /* Modalfenster */
36 | .hh-modal { background: rgba(40,53,66, 0.4); }
37 | .hh-modal .modal-header { background: #dfe3e9; line-height: 1.25; padding: 10px 15px; font-size: 16px; }
38 | .hh-modal .modal-title { display: inline; }
39 | .hh-content { display: none; }
40 | 
41 | 
42 | @media (min-width: 768px){
43 | 	.hh-modal-large .modal-dialog { width: 90%; max-width: 800px;}
44 | }


--------------------------------------------------------------------------------
/lang/en_gb.lang:
--------------------------------------------------------------------------------
  1 | # addon: httpheader en_gb 1.0
  2 | 
  3 | a1656_title = HTTP header
  4 | 
  5 | a1656_default = Settings
  6 | a1656_help = Help
  7 | 
  8 | a1656_head_basics = Settings
  9 | a1656_head_help = Online help
 10 | 
 11 | 
 12 | a1656_subheader_basic1 = Various headers
 13 | a1656_subheader_basic2 = Security header
 14 | 
 15 | 
 16 | # Backend Output
 17 | a1656_seo_modal_title = SEO CheckUp
 18 | a1656_seo_modal_analyze = Analysis is loading ...
 19 | a1656_seo_modal_close = Close
 20 | a1656_seo_modal_error = Error
 21 | a1656_seo_modal_legibility = Readability
 22 | a1656_seo_modal_artnotfound = Article not found
 23 | 
 24 | 
 25 | # Page: General = Settings
 26 | a1656_bas_active = activate
 27 | a1656_bas_remove = suppress
 28 | a1656_bas_includebackend = Including backend
 29 | a1656_bas_property = property
 30 | 
 31 | a1656_bas_h_connection = Connection: keep-alive
 32 | a1656_bas_h_vary = Vary: Accept-Encoding
 33 | a1656_bas_h_server = Server ID
 34 | a1656_bas_h_poweredby = X-Powered-By
 35 | a1656_bas_h_contenttype = X-Content-Type-Options: nosniff
 36 | a1656_bas_h_frame = X frame options
 37 | a1656_bas_h_xss = X-XSS protection
 38 | a1656_bas_h_xss_block = Mode: Block
 39 | a1656_bas_h_referer = Referrer-Policy
 40 | a1656_bas_h_transport = Strict-Transport-Security
 41 | a1656_bas_h_transport_maxage = Validity (sec.)
 42 | a1656_bas_h_transport_subdomains = Including SubDomains
 43 | a1656_bas_h_csp = Content-Security-Policy
 44 | a1656_bas_h_csp_noeditor = Use input field instead of selection
 45 | a1656_bas_h_csp_editor = Define properties
 46 | a1656_bas_h_csp_definition = Store CSP definition
 47 | a1656_bas_h_csp_definition_example = Format: Content-Security-Policy: default-src https: 'unsafe-inline'; frame-ancestors 'none';
 48 | a1656_bas_h_csp_url_example = URL: https://www.domain.de
 49 | a1656_bas_h_fpp = Feature / Permissions Policy
 50 | a1656_bas_h_fpp_noeditor = Use input fields instead of selection
 51 | a1656_bas_h_fpp_editor = Define properties
 52 | a1656_bas_h_fpp_definition_f = Store feature definition
 53 | a1656_bas_h_fpp_definition_p = Store permission definition
 54 | a1656_bas_h_fpp_definition_f_example = Format: Feature Policy: camera 'none'; microphone self;
 55 | a1656_bas_h_fpp_definition_p_example = Format: Permissions-Policy: camera = (), microphone = (self)
 56 | 
 57 | a1656_bas_h_csp_default = default-src
 58 | a1656_bas_h_csp_img = img-src
 59 | a1656_bas_h_csp_media = media-src
 60 | a1656_bas_h_csp_font = font-src
 61 | a1656_bas_h_csp_script = script-src
 62 | a1656_bas_h_csp_style = style-src
 63 | a1656_bas_h_csp_object = object-src
 64 | a1656_bas_h_csp_form = form-action
 65 | a1656_bas_h_csp_frame = frame-src
 66 | a1656_bas_h_csp_frameanc = frame-ancestors
 67 | a1656_bas_h_csp_connect = connect-src
 68 | a1656_bas_h_csp_manifest = manifest-src
 69 | 
 70 | a1656_bas_h_fpp_camera = camera
 71 | a1656_bas_h_fpp_geolocation = geolocation
 72 | a1656_bas_h_fpp_gyro = gyroscope
 73 | a1656_bas_h_fpp_magnet = magnetometer
 74 | a1656_bas_h_fpp_micro = microphone
 75 | a1656_bas_h_fpp_usb = usb
 76 | a1656_bas_h_fpp_docdomain = document-domain
 77 | a1656_bas_h_fpp_fullscreen = fullscreen
 78 | a1656_bas_h_fpp_payment = payment
 79 | 
 80 | a1656_bas_h_editor_https = https:
 81 | a1656_bas_h_editor_data = data:
 82 | a1656_bas_h_editor_blob = blob:
 83 | a1656_bas_h_editor_self = self
 84 | a1656_bas_h_editor_inline = unsafe-inline
 85 | a1656_bas_h_editor_eval = unsafe-eval
 86 | a1656_bas_h_editor_hashes = unsafe-hashes
 87 | a1656_bas_h_editor_none = none
 88 | 
 89 | 
 90 | # Other requirements
 91 | a1656_example = example
 92 | a1656_examples = Examples ...
 93 | a1656_overview = Overview:
 94 | 
 95 | a1656_search_all = all
 96 | a1656_search_noselection = - no selection -
 97 | a1656_search_sort = View
 98 | a1656_search_sort_onlyactive = only active entries (online)
 99 | a1656_search_sort_onlyinactive = only deactivated entries (offline)
100 | a1656_search_keyword = Search term
101 | a1656_search_submit = search
102 | a1656_search_reset = Reset search
103 | a1656_search_notfound = No entries were found.
104 | a1656_search_more = more options
105 | a1656_search_cat = Category
106 | a1656_search_maincat = Main Category
107 | a1656_search_archive = Show archive entries only
108 | 
109 | a1656_edit = change
110 | a1656_delete = delete
111 | a1656_online = online
112 | a1656_offline = offline
113 | a1656_new = add
114 | a1656_save = Save
115 | a1656_yes = yes
116 | a1656_no = no
117 | a1656_showbox = show / hide
118 | a1656_showcss = show / hide CSS
119 | 
120 | a1656_settings_saved = The settings have been saved!
121 | a1656_module_saved = The module has been installed!
122 | a1656_error = An error has occurred!
123 | a1656_notice = Notice
124 | a1656_entry_saved = Entry saved
125 | a1656_entry_deleted = Entry deleted
126 | a1656_error_saved = Error while saving
127 | a1656_error_deleted = Error deleting
128 | 
129 | a1656_dir = directory
130 | a1656_destdir = destination directory
131 | a1656_notdeleted = could not be deleted
132 | a1656_notcopyed = could not be copied
133 | a1656_deletemodule = Please manually delete modules installed via the add-on.
134 | a1656_emptyfield = empty or invalid
135 | a1656_charslenfield = is too short
136 | 
137 | a1656_js_confirm = Do you really want to install the module?


--------------------------------------------------------------------------------
/lang/dk_dk.lang:
--------------------------------------------------------------------------------
  1 | # addon: httpheader dk_dk 1.0
  2 | 
  3 | a1656_title = HTTP-header
  4 | 
  5 | a1656_default = Indstillinger
  6 | a1656_help = Hjælp
  7 | 
  8 | a1656_head_basics = Indstillinger
  9 | a1656_head_help = Online hjælp
 10 | 
 11 | 
 12 | a1656_subheader_basic1 = Forskellige overskrifter
 13 | a1656_subheader_basic2 = Sikkerhedsoverskrift
 14 | 
 15 | 
 16 | # Backend output
 17 | a1656_seo_modal_title = SEO-CheckUp
 18 | a1656_seo_modal_analyze = Analyse er indlæst ...
 19 | a1656_seo_modal_close = Luk
 20 | a1656_seo_modal_error = Fejl
 21 | a1656_seo_modal_legibility = Læsbarhed
 22 | a1656_seo_modal_artnotfound = Artikel ikke fundet
 23 | 
 24 | 
 25 | # Side: Generelt = Indstillinger
 26 | a1656_bas_active = aktivere
 27 | a1656_bas_remove = undertrykke
 28 | a1656_bas_includebackend = Inkluder backend
 29 | a1656_bas_property = Ejendom
 30 | 
 31 | a1656_bas_h_connection = Forbindelse: keep-alive
 32 | a1656_bas_h_vary = Vary: accept-encoding
 33 | a1656_bas_h_server = Serveridentifikator
 34 | a1656_bas_h_poweredby = X-Powered-By
 35 | a1656_bas_h_contenttype = X-Content-Type-Options: nosniff
 36 | a1656_bas_h_frame = X-Frame-Options
 37 | a1656_bas_h_xss = X-XSS-beskyttelse
 38 | a1656_bas_h_xss_block = Mode: Blokering
 39 | a1656_bas_h_referer = Referrer-Policy
 40 | a1656_bas_h_transport = Strict-Transport-Security
 41 | a1656_bas_h_transport_maxage = Gyldighed (sek.)
 42 | a1656_bas_h_transport_subdomæner = Inklusive subdomæner
 43 | a1656_bas_h_csp = Content-Security-Policy (Politik for indholdssikkerhed)
 44 | a1656_bas_h_csp_noeditor = Brug inputfelt i stedet for valg
 45 | a1656_bas_h_csp_editor = Definer egenskaber
 46 | a1656_bas_h_csp_definition = Gem CSP-definition
 47 | a1656_bas_h_csp_definition_example = Format: Content-Security-Policy: default-src https: 'unsafe-inline'; frame-ancestors 'none';
 48 | a1656_bas_h_csp_url_example = URL: https://www.domain.de
 49 | a1656_bas_h_fpp = funktion/tilladelsespolitik
 50 | a1656_bas_h_fpp_noeditor = brug inputfelter i stedet for valg
 51 | a1656_bas_h_fpp_editor = Definer egenskaber
 52 | a1656_bas_h_fpp_definition_f = Opbevarer funktionsdefinition
 53 | a1656_bas_h_fpp_definition_p = Lagre definition af tilladelser
 54 | a1656_bas_h_fpp_definition_f_example = Format: Feature-Policy: camera 'none'; microphone self;
 55 | a1656_bas_h_fpp_definition_p_example = Format: Tilladelsespolitik: camera=(), microphone=(self)
 56 | 
 57 | a1656_bas_h_csp_default = default-src
 58 | a1656_bas_h_csp_img = img-src
 59 | a1656_bas_h_csp_media = media-src
 60 | a1656_bas_h_csp_font = font-src
 61 | a1656_bas_h_csp_script = script-src
 62 | a1656_bas_h_csp_style = style-src
 63 | a1656_bas_h_csp_object = object-src
 64 | a1656_bas_h_csp_form = form-action
 65 | a1656_bas_h_csp_frame = frame-src
 66 | a1656_bas_h_csp_frameanc = frame-ancestors
 67 | a1656_bas_h_csp_connect = connect-src
 68 | a1656_bas_h_csp_manifest = manifest-src
 69 | 
 70 | a1656_bas_h_fpp_camera = kamera
 71 | a1656_bas_h_fpp_geolocation = geolocation
 72 | a1656_bas_h_fpp_gyro = gyroskop
 73 | a1656_bas_h_fpp_magnet = magnetometer
 74 | a1656_bas_h_fpp_micro = mikrofon
 75 | a1656_bas_h_fpp_usb = usb
 76 | a1656_bas_h_fpp_docdomain = dokument-domæne
 77 | a1656_bas_h_fpp_fullscreen = fuld skærm
 78 | a1656_bas_h_fpp_payment = betaling
 79 | 
 80 | a1656_bas_h_editor_https = https:
 81 | a1656_bas_h_editor_data = data:
 82 | a1656_bas_h_editor_blob = blob:
 83 | a1656_bas_h_editor_self = self
 84 | a1656_bas_h_editor_inline = usikker-inline
 85 | a1656_bas_h_editor_eval = usikker-eval
 86 | a1656_bas_h_editor_hashes = usikre hashes
 87 | a1656_bas_h_editor_none = ingen
 88 | 
 89 | 
 90 | # Andre standardindstillinger
 91 | a1656_example = prøve
 92 | a1656_examples = Eksempler...
 93 | a1656_overview = Oversigt:
 94 | 
 95 | a1656_search_all = alle
 96 | a1656_search_noselection = - ingen udvælgelse -.
 97 | a1656_search_sort = view
 98 | a1656_search_sort_onlyactive = kun aktive poster (online)
 99 | a1656_search_sort_onlyinactive = kun deaktiverede poster (offline)
100 | a1656_search_keyword = søgeord
101 | a1656_search_submit = søgning
102 | a1656_search_reset = nulstiller søgning
103 | a1656_search_notfound = Ingen poster fundet.
104 | a1656_search_more = flere muligheder
105 | a1656_search_cat = kategori
106 | a1656_search_maincat = hovedkategori
107 | a1656_search_archive = viser kun arkivposter
108 | 
109 | a1656_edit = ændre
110 | a1656_delete = slette
111 | a1656_online = online
112 | a1656_offline = offline
113 | a1656_new = tilføj
114 | a1656_save = gemme
115 | a1656_yes = ja
116 | a1656_no = nej
117 | a1656_showbox = vis/skjul
118 | a1656_showcss = Vis/skjul CSS
119 | 
120 | a1656_settings_saved = Indstillingerne er blevet gemt!
121 | a1656_module_saved = Modulet blev installeret!
122 | a1656_error = Der er opstået en fejl!
123 | a1656_notice = Meddelelse
124 | a1656_entry_saved = Opbevaret post
125 | a1656_entry_deleted = Post slettet
126 | a1656_error_saved = Fejl under lagring
127 | a1656_error_deleted = Fejl under sletning
128 | 
129 | a1656_dir = Vejviser
130 | a1656_destdir = Destinationsmappe
131 | a1656_notdeleted = kunne ikke slettes
132 | a1656_notcopyed = kunne ikke kopieres
133 | a1656_deletemodule = Slet venligst moduler, der er installeret via tilføjelsen i hånden.
134 | a1656_emptyfield = tomt eller ugyldigt
135 | a1656_charslenfield = er for kort
136 | 
137 | a1656_js_confirm = Ønsker du virkelig at installere modulet?


--------------------------------------------------------------------------------
/lang/nl_nl.lang:
--------------------------------------------------------------------------------
  1 | # addon: httpheader nl_nl 1.0
  2 | 
  3 | a1656_title = HTTP-header
  4 | 
  5 | a1656_default = Instellingen
  6 | a1656_help = Help
  7 | 
  8 | a1656_head_basics = Instellingen
  9 | a1656_head_help = Online hulp
 10 | 
 11 | 
 12 | a1656_subheader_basic1 = Diverse headers
 13 | a1656_subheader_basic2 = Beveiligingsheader
 14 | 
 15 | 
 16 | # Backend output
 17 | a1656_seo_modal_title = SEO-CheckUp
 18 | a1656_seo_modal_analyze = Analyse is geladen ...
 19 | a1656_seo_modal_close = Sluiten
 20 | a1656_seo_modal_error = Fout
 21 | a1656_seo_modal_legibility = Leesbaarheid
 22 | a1656_seo_modal_artnotfound = Artikel niet gevonden
 23 | 
 24 | 
 25 | # Pagina: Algemeen = Instellingen
 26 | a1656_bas_active = activeren
 27 | a1656_bas_remove = onderdrukken
 28 | a1656_bas_includebackend = Include backend
 29 | a1656_bas_property = Eigendom
 30 | 
 31 | a1656_bas_h_connection = Connection: keep-alive
 32 | a1656_bas_h_vary = Vary: accept-encoding
 33 | a1656_bas_h_server = Identificatiecode server
 34 | a1656_bas_h_poweredby = X-Powered-By
 35 | a1656_bas_h_contenttype = X-Content-Type-Options: nosniff
 36 | a1656_bas_h_frame = X-Frame-Options
 37 | a1656_bas_h_xss = X-XSS-bescherming
 38 | a1656_bas_h_xss_block = Modus: Blokkeren
 39 | a1656_bas_h_referer = Referrer-Policy
 40 | a1656_bas_h_transport = Strict-Transport-Security
 41 | a1656_bas_h_transport_maxage = Geldigheid (sec.)
 42 | a1656_bas_h_transport_subdomains = Inclusief subdomeinen
 43 | a1656_bas_h_csp = Content-Security-Policy
 44 | a1656_bas_h_csp_noeditor = Gebruik invoerveld in plaats van selectie
 45 | a1656_bas_h_csp_editor = Definieer eigenschappen
 46 | a1656_bas_h_csp_definition = CSP-definitie opslaan
 47 | a1656_bas_h_csp_definition_example = Format: Content-Security-Policy: default-src https: 'unsafe-inline'; frame-ancestors 'none';
 48 | a1656_bas_h_csp_url_example = URL: https://www.domain.de
 49 | a1656_bas_h_fpp = kenmerk/toelatingsbeleid
 50 | a1656_bas_h_fpp_noeditor = gebruik invoervelden in plaats van selectie
 51 | a1656_bas_h_fpp_editor = Definieer eigenschappen
 52 | a1656_bas_h_fpp_definition_f = Store feature definition
 53 | a1656_bas_h_fpp_definition_p = Store permissions definition
 54 | a1656_bas_h_fpp_definition_f_example = Format: Feature-Policy: camera 'none'; microfoon self;
 55 | a1656_bas_h_fpp_definition_p_example = Format: Permissions-Policy: camera=(), microphone=(self)
 56 | 
 57 | a1656_bas_h_csp_default = default-src
 58 | a1656_bas_h_csp_img = img-src
 59 | a1656_bas_h_csp_media = media-src
 60 | a1656_bas_h_csp_font = font-src
 61 | a1656_bas_h_csp_script = script-src
 62 | a1656_bas_h_csp_style = style-src
 63 | a1656_bas_h_csp_object = object-src
 64 | a1656_bas_h_csp_form = form-action
 65 | a1656_bas_h_csp_frame = frame-src
 66 | a1656_bas_h_csp_frameanc = frame-ancestors
 67 | a1656_bas_h_csp_connect = connect-src
 68 | a1656_bas_h_csp_manifest = manifest-src
 69 | 
 70 | a1656_bas_h_fpp_camera = camera
 71 | a1656_bas_h_fpp_geolocation = geolocatie
 72 | a1656_bas_h_fpp_gyro = gyroscoop
 73 | a1656_bas_h_fpp_magnet = magnetometer
 74 | a1656_bas_h_fpp_micro = microfoon
 75 | a1656_bas_h_fpp_usb = usb
 76 | a1656_bas_h_fpp_docdomain = document-domain
 77 | a1656_bas_h_fpp_fullscreen = volledig scherm
 78 | a1656_bas_h_fpp_payment = betaling
 79 | 
 80 | a1656_bas_h_editor_https = https:
 81 | a1656_bas_h_editor_data = data:
 82 | a1656_bas_h_editor_blob = blob:
 83 | a1656_bas_h_editor_self = self
 84 | a1656_bas_h_editor_inline = unsafe-inline
 85 | a1656_bas_h_editor_eval = unsafe-eval
 86 | a1656_bas_h_editor_hashes = onveilige-hashes
 87 | a1656_bas_h_editor_none = none
 88 | 
 89 | 
 90 | # Other defaults
 91 | a1656_voorbeeld = monster
 92 | a1656_voorbeelden = Voorbeelden...
 93 | a1656_overview = Overzicht:
 94 | 
 95 | a1656_search_all = all
 96 | a1656_search_noselection = - geen selectie -.
 97 | a1656_search_sort = weergave
 98 | a1656_search_sort_onlyactive = alleen actieve vermeldingen (online)
 99 | a1656_search_sort_onlyinactive = alleen gedeactiveerde vermeldingen (offline)
100 | a1656_search_keyword = zoekterm
101 | a1656_search_submit = zoeken
102 | a1656_search_reset = reset zoeken
103 | a1656_search_notfound = Geen vermeldingen gevonden.
104 | a1656_search_more = meer opties
105 | a1656_search_cat = categorie
106 | a1656_search_maincat = hoofdcategorie
107 | a1656_search_archive = alleen archiefvermeldingen tonen
108 | 
109 | a1656_edit = veranderen
110 | a1656_delete = verwijderen
111 | a1656_online = online
112 | a1656_offline = offline
113 | a1656_new = toevoegen
114 | a1656_save = opslaan
115 | a1656_yes = ja
116 | a1656_no = no
117 | a1656_showbox = tonen/verbergen
118 | a1656_showcss = toon/verberg CSS
119 | 
120 | a1656_settings_saved = De instellingen zijn opgeslagen!
121 | a1656_module_saved = De module is geïnstalleerd!
122 | a1656_error = Er is een fout opgetreden!
123 | a1656_notice = Kennisgeving
124 | a1656_entry_saved = Opgeslagen item
125 | a1656_entry_deleted = Toegang verwijderd
126 | a1656_error_saved = Fout tijdens opslaan
127 | a1656_error_deleted = Fout tijdens verwijderen
128 | 
129 | a1656_dir = Directory
130 | a1656_destdir = Bestemmingsdirectory
131 | a1656_notdeleted = kon niet worden verwijderd
132 | a1656_notcopyed = kon niet worden gekopieerd
133 | a1656_deletemodule = Verwijder modules die via de addon zijn geïnstalleerd met de hand.
134 | a1656_emptyfield = leeg of ongeldig
135 | a1656_charslenfield = is te kort
136 | 
137 | a1656_js_confirm = Wilt u de module echt installeren?


--------------------------------------------------------------------------------
/lang/de_de.lang:
--------------------------------------------------------------------------------
  1 | # addon: httpheader de_de 1.0
  2 | 
  3 | a1656_title = HTTP-Header
  4 | 
  5 | a1656_default = Einstellungen
  6 | a1656_help = Hilfe
  7 | 
  8 | a1656_head_basics = Einstellungen
  9 | a1656_head_help = Onlinehilfe
 10 | 
 11 | 
 12 | a1656_subheader_basic1 = Verschiedene Header
 13 | a1656_subheader_basic2 = Security-Header
 14 | 
 15 | 
 16 | # Backend-Ausgaben
 17 | a1656_seo_modal_title = SEO-CheckUp
 18 | a1656_seo_modal_analyze = Analyse wird geladen ...
 19 | a1656_seo_modal_close = Schließen
 20 | a1656_seo_modal_error = Fehler
 21 | a1656_seo_modal_legibility = Lesbarkeit
 22 | a1656_seo_modal_artnotfound = Artikel nicht gefunden
 23 | 
 24 | 
 25 | # Seite: Allgemein = Einstellungen
 26 | a1656_bas_active = aktivieren
 27 | a1656_bas_remove = unterdrücken
 28 | a1656_bas_includebackend = Inklusive Backend
 29 | a1656_bas_property = Eigenschaft
 30 | 
 31 | a1656_bas_h_connection = Connection: keep-alive
 32 | a1656_bas_h_vary = Vary: Accept-Encoding
 33 | a1656_bas_h_server = Serverkennung
 34 | a1656_bas_h_poweredby = X-Powered-By
 35 | a1656_bas_h_contenttype = X-Content-Type-Options: nosniff
 36 | a1656_bas_h_frame = X-Frame-Options
 37 | a1656_bas_h_xss = X-XSS-Protection
 38 | a1656_bas_h_xss_block = Modus: Blockieren
 39 | a1656_bas_h_referer = Referrer-Policy
 40 | a1656_bas_h_transport = Strict-Transport-Security
 41 | a1656_bas_h_transport_maxage = Gültigkeit (sek.)
 42 | a1656_bas_h_transport_subdomains = Inklusive SubDomains
 43 | a1656_bas_h_csp = Content-Security-Policy
 44 | a1656_bas_h_csp_noeditor = Eingabefeld anstatt Auswahl nutzen
 45 | a1656_bas_h_csp_editor = Eigenschaften definieren
 46 | a1656_bas_h_csp_definition = CSP-Definition hinterlegen
 47 | a1656_bas_h_csp_definition_example = Format: Content-Security-Policy: default-src https: 'unsafe-inline'; frame-ancestors 'none';
 48 | a1656_bas_h_csp_url_example = URL: https://www.domain.de
 49 | a1656_bas_h_fpp = Feature-/Permissions-Policy
 50 | a1656_bas_h_fpp_noeditor = Eingabefelder anstatt Auswahl nutzen
 51 | a1656_bas_h_fpp_editor = Eigenschaften definieren
 52 | a1656_bas_h_fpp_definition_f = Feature-Definition hinterlegen
 53 | a1656_bas_h_fpp_definition_p = Permissions-Definition hinterlegen
 54 | a1656_bas_h_fpp_definition_f_example = Format: Feature-Policy: camera 'none'; microphone self;
 55 | a1656_bas_h_fpp_definition_p_example = Format: Permissions-Policy: camera=(), microphone=(self)
 56 | 
 57 | a1656_bas_h_csp_default = default-src
 58 | a1656_bas_h_csp_img = img-src
 59 | a1656_bas_h_csp_media = media-src
 60 | a1656_bas_h_csp_font = font-src
 61 | a1656_bas_h_csp_script = script-src
 62 | a1656_bas_h_csp_style = style-src
 63 | a1656_bas_h_csp_object = object-src
 64 | a1656_bas_h_csp_form = form-action
 65 | a1656_bas_h_csp_frame = frame-src
 66 | a1656_bas_h_csp_frameanc = frame-ancestors
 67 | a1656_bas_h_csp_connect = connect-src
 68 | a1656_bas_h_csp_manifest = manifest-src
 69 | 
 70 | a1656_bas_h_fpp_camera = camera
 71 | a1656_bas_h_fpp_geolocation = geolocation
 72 | a1656_bas_h_fpp_gyro = gyroscope
 73 | a1656_bas_h_fpp_magnet = magnetometer
 74 | a1656_bas_h_fpp_micro = microphone
 75 | a1656_bas_h_fpp_usb = usb
 76 | a1656_bas_h_fpp_docdomain = document-domain
 77 | a1656_bas_h_fpp_fullscreen = fullscreen
 78 | a1656_bas_h_fpp_payment = payment
 79 | 
 80 | a1656_bas_h_editor_https = https:
 81 | a1656_bas_h_editor_data = data:
 82 | a1656_bas_h_editor_blob = blob:
 83 | a1656_bas_h_editor_self = self
 84 | a1656_bas_h_editor_inline = unsafe-inline
 85 | a1656_bas_h_editor_eval = unsafe-eval
 86 | a1656_bas_h_editor_hashes = unsafe-hashes
 87 | a1656_bas_h_editor_none = none
 88 | 
 89 | 
 90 | # Sonstige Vorgaben
 91 | a1656_example = Beispiel
 92 | a1656_examples = Beispiele...
 93 | a1656_overview = Übersicht:
 94 | 
 95 | a1656_search_all = alle
 96 | a1656_search_noselection = - keine Auswahl -
 97 | a1656_search_sort = Ansicht
 98 | a1656_search_sort_onlyactive = nur aktive Einträge (online)
 99 | a1656_search_sort_onlyinactive = nur deaktivierte Einträge (offline)
100 | a1656_search_keyword = Suchbegriff
101 | a1656_search_submit = suchen
102 | a1656_search_reset = Suche zurücksetzen
103 | a1656_search_notfound = Es wurden keine Einträge gefunden.
104 | a1656_search_more = mehr Optionen
105 | a1656_search_cat = Kategorie
106 | a1656_search_maincat = Hauptkategorie
107 | a1656_search_archive = Nur Archiveinträge anzeigen
108 | 
109 | a1656_edit = ändern
110 | a1656_delete = löschen
111 | a1656_online = online
112 | a1656_offline = offline
113 | a1656_new = hinzufügen
114 | a1656_save = Speichern
115 | a1656_yes = ja
116 | a1656_no = nein
117 | a1656_showbox = anzeigen/ausblenden
118 | a1656_showcss = CSS anzeigen/ausblenden
119 | 
120 | a1656_settings_saved = Die Einstellungen wurden gespeichert!
121 | a1656_module_saved = Das Modul wurde installiert!
122 | a1656_error = Es ist ein Fehler aufgetreten!
123 | a1656_notice = Hinweis
124 | a1656_entry_saved = Eintrag gespeichert
125 | a1656_entry_deleted = Eintrag gelöscht
126 | a1656_error_saved = Fehler beim Speichern
127 | a1656_error_deleted = Fehler beim Löschen
128 | 
129 | a1656_dir = Verzeichnis
130 | a1656_destdir = Zielverzeichnis
131 | a1656_notdeleted = konnte nicht gelöscht werden
132 | a1656_notcopyed = konnte nicht kopiert werden
133 | a1656_deletemodule = Bitte löschen Sie über das Addon installierte Module von Hand.
134 | a1656_emptyfield = leer oder ungültig
135 | a1656_charslenfield = ist zu kurz
136 | 
137 | a1656_js_confirm = Wollen Sie das Modul wirklich installieren?


--------------------------------------------------------------------------------
/install.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /*
  3 | 	Redaxo-Addon HTTP-Header
  4 | 	Installation
  5 | 	v1.1.3
  6 | 	by Falko Müller @ 2021-2023
  7 | 	package: redaxo5
  8 | */
  9 | 
 10 | //Variablen deklarieren
 11 | $mypage = $this->getProperty('package');
 12 | $error = "";
 13 | 
 14 | 
 15 | //Vorgaben vornehmen
 16 | if (!$this->hasConfig()):
 17 | 	$this->setConfig('config', [
 18 | 		'h_connection'				=> 'checked',
 19 | 		'h_connection_be'			=> '',
 20 | 		'h_vary'					=> 'checked',
 21 | 		'h_vary_be'					=> '',
 22 | 		'h_server'					=> 'checked',
 23 | 		'h_server_be'				=> '',
 24 | 		'h_poweredby'				=> 'checked',
 25 | 		'h_poweredby_be'			=> '',
 26 | 		'h_contenttype'				=> '',
 27 | 		'h_contenttype_be'			=> '',
 28 | 		'h_frame'					=> '',
 29 | 		'h_frame_be'				=> '',
 30 | 		'h_frame_option'			=> 'SAMEORIGIN',
 31 | 		'h_xss'						=> 'checked',
 32 | 		'h_xss_be'					=> '',
 33 | 		'h_xss_block'				=> 'checked',
 34 | 		'h_referer'					=> 'checked',
 35 | 		'h_referer_be'				=> '',
 36 | 		'h_referer_option'			=> 'same-origin',
 37 | 		'h_transport'				=> '',
 38 | 		'h_transport_be'			=> '',
 39 | 		'h_transport_maxage'		=> '31536000',
 40 | 		'h_transport_subdomains'	=> '',
 41 | 		'h_csp'						=> '',
 42 | 		'h_csp_be'					=> '',
 43 | 		'h_csp_noeditor'			=> '',
 44 | 		'h_csp_definition'			=> '',
 45 | 		
 46 | 		'h_csp_default_https'		=> 'checked',
 47 | 		'h_csp_default_data'		=> '',
 48 | 		'h_csp_default_blob'		=> '',
 49 | 		'h_csp_default_self'		=> '',
 50 | 		'h_csp_default_inline'		=> '',
 51 | 		'h_csp_default_eval'		=> '',
 52 | 		'h_csp_default_hashes'		=> '',
 53 | 		'h_csp_default_none'		=> '',
 54 | 		'h_csp_default_url'			=> '',
 55 | 		
 56 | 		'h_csp_img_https'			=> '',
 57 | 		'h_csp_img_data'			=> 'checked',
 58 | 		'h_csp_img_blob'			=> '',
 59 | 		'h_csp_img_self'			=> '',
 60 | 		'h_csp_img_inline'			=> '',
 61 | 		'h_csp_img_eval'			=> '',
 62 | 		'h_csp_img_hashes'			=> '',
 63 | 		'h_csp_img_none'			=> '',
 64 | 		'h_csp_img_url'			=> '',
 65 | 		
 66 | 		'h_csp_media_https'			=> '',
 67 | 		'h_csp_media_data'			=> '',
 68 | 		'h_csp_media_blob'			=> '',
 69 | 		'h_csp_media_self'			=> '',
 70 | 		'h_csp_media_inline'		=> '',
 71 | 		'h_csp_media_eval'			=> '',
 72 | 		'h_csp_media_hashes'		=> '',
 73 | 		'h_csp_media_none'			=> '',
 74 | 		'h_csp_media_url'			=> '',
 75 | 		
 76 | 		'h_csp_font_https'			=> '',
 77 | 		'h_csp_font_data'			=> 'checked',
 78 | 		'h_csp_font_blob'			=> '',
 79 | 		'h_csp_font_self'			=> '',
 80 | 		'h_csp_font_inline'			=> '',
 81 | 		'h_csp_font_eval'			=> '',
 82 | 		'h_csp_font_hashes'			=> '',
 83 | 		'h_csp_font_none'			=> '',
 84 | 		'h_csp_font_url'			=> '',
 85 | 		
 86 | 		'h_csp_script_https'		=> '',
 87 | 		'h_csp_script_data'			=> '',
 88 | 		'h_csp_script_blob'			=> '',
 89 | 		'h_csp_script_self'			=> '',
 90 | 		'h_csp_script_inline'		=> 'checked',
 91 | 		'h_csp_script_eval'			=> '',
 92 | 		'h_csp_script_hashes'		=> '',
 93 | 		'h_csp_script_none'			=> '',
 94 | 		'h_csp_script_url'			=> '',
 95 | 		
 96 | 		'h_csp_style_https'			=> '',
 97 | 		'h_csp_style_data'			=> '',
 98 | 		'h_csp_style_blob'			=> '',
 99 | 		'h_csp_style_self'			=> '',
100 | 		'h_csp_style_inline'		=> 'checked',
101 | 		'h_csp_style_eval'			=> '',
102 | 		'h_csp_style_hashes'		=> '',
103 | 		'h_csp_style_none'			=> '',
104 | 		'h_csp_style_url'			=> '',
105 | 		
106 | 		'h_csp_object_https'		=> '',
107 | 		'h_csp_object_data'			=> '',
108 | 		'h_csp_object_blob'			=> '',
109 | 		'h_csp_object_self'			=> '',
110 | 		'h_csp_object_inline'		=> '',
111 | 		'h_csp_object_eval'			=> '',
112 | 		'h_csp_object_hashes'		=> '',
113 | 		'h_csp_object_none'			=> '',
114 | 		'h_csp_object_url'			=> '',
115 | 		
116 | 		'h_csp_form_https'			=> '',
117 | 		'h_csp_form_data'			=> '',
118 | 		'h_csp_form_blob'			=> '',
119 | 		'h_csp_form_self'			=> 'checked',
120 | 		'h_csp_form_inline'			=> '',
121 | 		'h_csp_form_eval'			=> '',
122 | 		'h_csp_form_hashes'			=> '',
123 | 		'h_csp_form_none'			=> '',
124 | 		'h_csp_form_url'			=> '',
125 | 		
126 | 		'h_csp_frame_https'			=> '',
127 | 		'h_csp_frame_data'			=> '',
128 | 		'h_csp_frame_blob'			=> '',
129 | 		'h_csp_frame_self'			=> '',
130 | 		'h_csp_frame_inline'		=> '',
131 | 		'h_csp_frame_eval'			=> '',
132 | 		'h_csp_frame_hashes'		=> '',
133 | 		'h_csp_frame_none'			=> '',
134 | 		'h_csp_frame_url'			=> '',
135 | 		
136 | 		'h_csp_frameanc_https'		=> '',
137 | 		'h_csp_frameanc_data'		=> '',
138 | 		'h_csp_frameanc_blob'		=> '',
139 | 		'h_csp_frameanc_self'		=> '',
140 | 		'h_csp_frameanc_none'		=> 'checked',
141 | 		'h_csp_frameanc_url'		=> '',
142 | 		
143 | 		'h_csp_connect_https'		=> '',
144 | 		'h_csp_connect_data'		=> '',
145 | 		'h_csp_connect_blob'		=> '',
146 | 		'h_csp_connect_self'		=> '',
147 | 		'h_csp_connect_inline'		=> '',
148 | 		'h_csp_connect_eval'		=> '',
149 | 		'h_csp_connect_hashes'		=> '',
150 | 		'h_csp_connect_none'		=> '',
151 | 		'h_csp_connect_url'			=> '',
152 | 		
153 | 		'h_csp_manifest_https'		=> '',
154 | 		'h_csp_manifest_data'		=> '',
155 | 		'h_csp_manifest_blob'		=> '',
156 | 		'h_csp_manifest_self'		=> '',
157 | 		'h_csp_manifest_inline'		=> '',
158 | 		'h_csp_manifest_eval'		=> '',
159 | 		'h_csp_manifest_hashes'		=> '',
160 | 		'h_csp_manifest_none'		=> '',
161 | 		'h_csp_manifest_url'		=> '',
162 | 
163 | 
164 | 		'h_fpp'						=> '',
165 | 		'h_fpp_be'					=> '',
166 | 		'h_fpp_noeditor'			=> '',
167 | 		'h_fpp_definition_f'		=> '',
168 | 		'h_fpp_definition_p'		=> '',
169 | 		
170 | 		'h_fpp_cam_self'			=> '',
171 | 		'h_fpp_cam_none'			=> 'checked',
172 | 		
173 | 		'h_fpp_geo_self'			=> '',
174 | 		'h_fpp_geo_none'			=> 'checked',
175 | 		
176 | 		'h_fpp_gyro_self'			=> '',
177 | 		'h_fpp_gyro_none'			=> 'checked',
178 | 		
179 | 		'h_fpp_mag_self'			=> '',
180 | 		'h_fpp_mag_none'			=> 'checked',
181 | 		
182 | 		'h_fpp_mic_self'			=> '',
183 | 		'h_fpp_mic_none'			=> 'checked',
184 | 		
185 | 		'h_fpp_usb_self'			=> '',
186 | 		'h_fpp_usb_none'			=> 'checked',
187 | 		
188 | 		'h_fpp_docdom_self'			=> '',
189 | 		'h_fpp_docdom_none'			=> '',
190 | 		
191 | 		'h_fpp_full_self'			=> '',
192 | 		'h_fpp_full_none'			=> '',
193 | 		
194 | 		'h_fpp_pay_self'			=> '',
195 | 		'h_fpp_pay_none'			=> '',		
196 | 	]);
197 | endif;
198 | 
199 | 
200 | //Datenbank-Spalten anlegen, sofern noch nicht verfügbar
201 | 
202 | 
203 | //Module anlegen
204 | 
205 | 
206 | //Aktionen anlegen
207 | 
208 | 
209 | //Templates anlegen
210 | ?>


--------------------------------------------------------------------------------
/functions/functions.inc.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /*
  3 | 	Redaxo-Addon HTTP-Header
  4 | 	Globale-Funktionen
  5 | 	v1.0
  6 | 	by Falko Müller @ 2021
  7 | 	package: redaxo5
  8 | */
  9 | 
 10 | //aktive Session prüfen
 11 | 
 12 | 
 13 | //globale Variablen
 14 | 
 15 | 
 16 | //Funktionen
 17 | //Maskierungen + Tags
 18 | if (!function_exists('aFM_maskChar')):
 19 | 	function aFM_maskChar($str)
 20 | 	{	//Maskiert folgende Sonderzeichen: & " < > '
 21 | 		$str = stripslashes($str);
 22 | 		$str = htmlspecialchars($str, ENT_QUOTES);
 23 | 		$str = trim($str);
 24 | 		
 25 | 		return $str;
 26 | 	}
 27 | endif;
 28 | if (!function_exists('aFM_maskArray')):
 29 | 	function aFM_maskArray($arr)
 30 | 	{	if (is_array($arr)):
 31 | 			$arr = array_map(function($str) { return aFM_maskChar($str); }, $arr);
 32 | 		endif;
 33 | 		
 34 | 		return $arr;
 35 | 	}
 36 | endif;
 37 | if (!function_exists('aFM_maskSingleQuote')):
 38 | 	function aFM_maskSingleQuote($str)
 39 | 	{	//Ersetzt Single-Quotes: '
 40 | 		return str_replace("'", "&#039;", $str);
 41 | 	}
 42 | endif;
 43 | if (!function_exists('aFM_maskDoubleQuote')):
 44 | 	function aFM_maskDoubleQuote($str)
 45 | 	{	//Ersetzt Double-Quotes: "
 46 | 		return str_replace('"', "&quot;", $str);
 47 | 	}
 48 | endif;
 49 | if (!function_exists('aFM_maskSql')):
 50 | 	function aFM_maskSql($str)
 51 | 	{	//Maskiert desn Wert für DB-Abfrage
 52 | 		$s = array("\\",  "\x00", "\n",  "\r",  "'",  '"', "\x1a");
 53 |     	$r = array("\\\\","\\0","\\n", "\\r", "\'", '\"', "\\Z");
 54 | 		return str_replace($s, $r, $str);
 55 | 	}
 56 | endif;
 57 | 
 58 | if (!function_exists('aFM_unmaskQuotes')):
 59 | 	function aFM_unmaskQuotes($str)
 60 | 	{	//Demaskiert folgende Anführungszeichen: " '
 61 | 		return str_replace(array("&quot;", "&#039;"), array('"', "'"), $str);
 62 | 	}
 63 | endif;
 64 | if (!function_exists('aFM_revChar')):
 65 | 	function aFM_revChar($str)
 66 | 	{	//Demaskiert folgende Sonderzeichen: & " < > '
 67 | 		$chars = array("&amp;amp;quot;"=>'"', "&amp;quot;"=>'"', "&amp;"=>"&", "&lt;"=>"<", "&gt;"=>">", "&quot;"=>'"', "&#039;"=>"'");
 68 | 		foreach ($chars as $key => $value):
 69 | 			$str = str_replace($key, $value, $str);
 70 | 		endforeach;
 71 | 		
 72 | 		return $str;
 73 | 	}
 74 | endif;
 75 | 
 76 | if (!function_exists('aFM_blockTags')):
 77 | 	function aFM_blockTags($str)
 78 | 	{	//Entfernt bekannte Tags (PHP, JS, HTML)
 79 | 		if ($str != ""):
 80 | 			$str = stripslashes($str);
 81 | 			$str = str_replace("\xc2\xa0", ' ', $str);	//&nbsp; als UTF8 ersetzen in nortmales WhiteSpace
 82 | 			$str = strip_tags($str);
 83 | 				$phps = array("/<\?php/i", "/<\?/i", "/<%/i", "/<script language=\"php\">/i", "/<script language='php'>/i", "/\?>/i", "/%>/i");
 84 | 					foreach ($phps as $key):
 85 | 						$str = preg_replace($key, "", $str);
 86 | 					endforeach;
 87 | 				$js = array("/<script.*>/i", "/<\/script>/i");
 88 | 					foreach ($js as $key):
 89 | 						$str = preg_replace($key, "", $str);
 90 | 					endforeach;
 91 | 			$str = trim($str);
 92 | 		endif;
 93 | 		
 94 | 		return $str;
 95 | 	}
 96 | endif;
 97 | if (!function_exists('aFM_noQuote')):
 98 | 	function aFM_noQuote($str)
 99 | 	{	//Ersetzt Double-Quotes: "
100 | 		return str_replace('"', "'", $str);
101 | 	}
102 | endif;
103 | if (!function_exists('aFM_textOnly')):
104 | 	function aFM_textOnly($str, $nobreak = false)
105 | 	{	//Entfernt HTML-Tags, Zeilenumbrüche und Tabstops
106 | 		if ($str != ""):
107 | 			$str = stripslashes($str);
108 | 			$str = str_replace("\xc2\xa0", ' ', $str);	//&nbsp; als UTF8 ersetzen in nortmales WhiteSpace
109 | 			$str = str_replace("\t", ' ', $str);		//Tabstop (\t) ersetzen in normales WhiteSpace
110 | 			$str = strip_tags(nl2br($str));
111 | 			$str = ($nobreak) ? str_replace(array("\r\n","\n\r", "\n", "\r"), "", $str) : $str;
112 | 			$str = trim($str);
113 | 		endif;
114 | 		
115 | 		return $str;
116 | 	}
117 | endif;
118 | 
119 | 
120 | //Strip-Tags Funktion, zur besserern Entfernung von Tags ab PHP 5.3.4
121 | if (!function_exists('aFM_stripTags')):
122 | 	function aFM_stripTags($str, $allowed_tags = array())
123 | 	{	//Aufrufe: aFM_stripTags($str);			aFM_stripTags($str, array('h1','a'));
124 | 		$allowed_tags = array_map(strtolower, $allowed_tags);
125 | 	
126 | 		$rstr = preg_replace_callback('/<\/?([^>\s]+)[^>]*>/i', function ($matches) use (&$allowed_tags) {
127 | 			return in_array(strtolower($matches[1]), $allowed_tags) ? $matches[0] : '';
128 | 		}, $str);
129 | 		
130 | 		return $rstr;
131 | 	}
132 | endif;
133 | 
134 | 
135 | //Wandelt AJAX-Parameter wieder korrekt in UTF8 um
136 | if (!function_exists('aFM_utf8urldecode')):
137 | 	function aFM_utf8urldecode($str) {
138 | 		$str = preg_replace("/%u([0-9a-f]{3,4})/i","&#x\\1;", urldecode($str));
139 | 		return html_entity_decode($str, null, 'UTF-8');
140 | 	} 
141 | endif;
142 | 
143 | 
144 | //Texte kürzen inkl. Beachtung von HTML-Tags
145 | if (!function_exists('aFM_substr')):
146 | 	function aFM_substr($str, $limit=100, $isUtf8=true)
147 | 	{	$ret = ""; $retLength = $position = 0;
148 | 		$tags = array();
149 | 		
150 | 		$re = ($isUtf8) ? '{</?([a-z]+)[^>]*>|&#?[a-zA-Z0-9]+;|[\x80-\xFF][\x80-\xBF]*}' : '{</?([a-z]+)[^>]*>|&#?[a-zA-Z0-9]+;}';
151 | 		
152 | 		while ($retLength < $limit && preg_match($re, $str, $match, PREG_OFFSET_CAPTURE, $position)):
153 | 			list($tag, $tagPosition) = $match[0];
154 | 		
155 | 			//print text leading up to the tag
156 | 			$tmp = substr($str, $position, $tagPosition - $position);
157 | 			
158 | 			if ($retLength + strlen($tmp) > $limit):
159 | 				$ret .= substr($tmp, 0, $limit - $retLength);
160 | 				$retLength = $limit;
161 | 				break;
162 | 			endif;
163 | 			
164 | 			$ret .= $tmp;
165 | 			$retLength += strlen($tmp);
166 | 			
167 | 			if ($retLength >= $limit) break;
168 | 			
169 | 			if ($tag[0] == '&' || ord($tag) >= 0x80):
170 | 				//pass the entity or UTF-8 multibyte sequence through unchanged
171 | 				$ret .= $tag;
172 | 				$retLength++;
173 | 			else:
174 | 				//handle the tag
175 | 				$tagName = $match[1][0];
176 | 				
177 | 				if ($tag[1] == '/'):
178 | 					//this is a closing tag
179 | 					$openingTag = array_pop($tags);
180 | 					assert($openingTag == $tagName); 			//check that tags are properly nested		
181 | 					$ret .= $tag;
182 | 				elseif ($tag[strlen($tag) - 2] == '/'):
183 | 					//self-closing tag
184 | 					$ret .= $tag;
185 | 				else:
186 | 					//opening tag
187 | 					$ret .= $tag;
188 | 					$tags[] = $tagName;
189 | 				endif;
190 | 			endif;	
191 | 			
192 | 			$position = $tagPosition + strlen($tag);			//continue after the tag
193 | 		endwhile;
194 | 		
195 | 		if ($retLength < $limit && $position < strlen($str)) { $ret .= substr($str, $position, $limit - $retLength); }		//print any remaining text
196 | 		while (!empty($tags)) $ret .= '</'.array_pop($tags).'>';																	//close any open tags
197 | 		
198 | 		return $ret;
199 | 	}
200 | endif;
201 | 
202 | 
203 | //Funktionen: Addon-only


--------------------------------------------------------------------------------
/pages/help.inc.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /*
  3 | 	Redaxo-Addon HTTP-Header
  4 | 	Verwaltung: Hilfe
  5 | 	v1.0
  6 | 	by Falko Müller @ 2021
  7 | 	package: redaxo5
  8 | */
  9 | ?>
 10 | 
 11 | <style>
 12 | .faq { margin: 0px !important; cursor: pointer; }
 13 | .faq + div { margin: 0px 0px 15px; }
 14 | </style>
 15 | 
 16 | <section class="rex-page-section">
 17 | 	<div class="panel panel-default">
 18 | 
 19 | 		<header class="panel-heading"><div class="panel-title"><?php echo $this->i18n('a1656_head_help'); ?></div></header>
 20 |         
 21 | 		<div class="panel-body">
 22 | 			<div class="rex-docs">
 23 | 				<div class="rex-docs-sidebar">
 24 |                 	<nav class="rex-nav-toc">
 25 |                     	<ul>
 26 |                         	<li><a href="#default">Wichtige Information</a>
 27 |                             <li><a href="#header">Header</a>
 28 |                             <li><a href="#autor">Autor</a>
 29 |                       </ul>
 30 |                     </nav>
 31 |         	    </div>
 32 |                 
 33 | 				<div class="rex-docs-content">
 34 |                 
 35 | 					<h1>Addon: <?php echo $this->i18n('a1656_title'); ?></h1>
 36 | 
 37 | 					<p>Mit dieser Erweiterung können verschiedene Webseiten-Header zur Einstellung von Sicherheitsmaßnahmen und Optimierungen aktiviert werden.
 38 | 				  </p>
 39 | <p>&nbsp;</p>
 40 |                   <h2>Wichtige Information</h2>
 41 |               
 42 |               
 43 |                     
 44 |                     <!-- Allgemein (Artikel-Checkup) -->
 45 |                     <a name="default"></a>
 46 |                                   <p><strong>Prüfen Sie immer den jeweils gesetzten Header, da es u.U. passieren kann, dass die Webseite anschließend nicht mehr wie gewünscht funktioniert.</strong></p>
 47 |                   <p>Des weiteren werden nicht alle Header von allen Browsern berücksichtigt. Auch unterstützen nicht alle Webserver alle Header bzw. können die Aktivierung auch verhindern.</p>
 48 |                   <p>Prüfen Sie nach der Aktivierung der Header Ihre Webseite und die korrekte Funktion der Header.<br>
 49 |                   Nützliche Prüftools sind u.a.:</p>
 50 |                   <ul>
 51 |                     <li><a href="https://gf.dev/http-headers-test" target="_blank">https://gf.dev/http-headers-test</a></li>
 52 |                     <li><a href="https://securityheaders.com" target="_blank">https://securityheaders.com</a></li>
 53 |                     <li><a href="https://observatory.mozilla.org" target="_blank">https://observatory.mozilla.org</a></li>
 54 |                     <li><a href="https://siwecos.de" target="_blank">https://siwecos.de</a></li>
 55 |                     <li><a href="https://csp-evaluator.withgoogle.com" target="_blank">https://csp-evaluator.withgoogle.com</a></li>
 56 |                   </ul>
 57 | <p>&nbsp;</p>
 58 |               
 59 |               
 60 |                     
 61 |                     <!-- Header -->
 62 |                     <a name="urlcheckup"></a>
 63 |                   <h2>Einstellungen</h2>
 64 |                   
 65 |                   <p>Jeder Header kann separat aktiviert werden und bedarf u.U. noch weiterer Optionen.</p>
 66 |                   <p> Die Aktivierung des jeweiligen Header erfolgt immer für das Frontend - Ihre Webseite. <br>
 67 |                     Sofern der jeweilige Header auch für das Backend (Redaxo) aktiviert werden soll, so setzen Sie die Option &quot;Inklusive Backend&quot; auf aktiv.
 68 |                   </p>
 69 |                   <p>&nbsp;</p>
 70 | 
 71 |                   <table width="100%" border="0" cellspacing="0" cellpadding="0">
 72 |                       <tr>
 73 |                         <th scope="col">Header</th>
 74 |                         <th scope="col">Erklärung</th>
 75 |                     </tr>
 76 |                       <tr>
 77 |                         <td valign="top"><strong>Connection keep-alive</strong></td>
 78 |                         <td valign="top">Die Verbindung soll nicht nach jeder Anfrage beendet werden, um die Ladegeschwindigkeit zu erhöhen.</td>
 79 |                       </tr>
 80 |                       <tr>
 81 |                         <td valign="top"><strong>Vary Accept-Encoding</strong></td>
 82 |                         <td valign="top">Der Client soll erfahren können, welche Komprimierung die Website verwendet.</td>
 83 |                       </tr>
 84 |                       <tr>
 85 |                         <td valign="top"><strong>Serverkennung</strong></td>
 86 |                         <td valign="top">Über diesen Header kann je nach Servereinstellung die Ausgabe des Servertyps unterdrückt werden.</td>
 87 |                       </tr>
 88 |                       <tr>
 89 |                         <td valign="top"><strong>X-Powered-By</strong></td>
 90 |                         <td valign="top">Über diesen Header kann je nach Servereinstellung die Ausgabe der PHP-Version unterdrückt werden.</td>
 91 |                       </tr>
 92 |                       <tr>
 93 |                         <td valign="top"><strong>X-Content-Type-Options</strong></td>
 94 |                         <td valign="top">Mit diesem Header können Browser angewiesen werden, aufgerufene Dateien nicht als etwas anderes zu interpretiern als vom Inhaltstyp definiert.</td>
 95 |                       </tr>
 96 |                       <tr>
 97 |                         <td valign="top"><strong>X-Frame-Options</strong></td>
 98 |                         <td valign="top">Das Setzen von X-Frame-Options hilft dabei, Angriffe über Framing-Mechanismen zu unterbinden.</td>
 99 |                       </tr>
100 |                         <tr>
101 |                           <td valign="top"><strong>X-XSS-Protection</strong></td>
102 |                           <td valign="top">Der X-XSS-Header definiert, wie in Browsern eingebaute XSS-Filter konfiguriert werden.</td>
103 |                         </tr>
104 |                         <tr>
105 |                           <td valign="top"><strong>Referrer-Policy</strong></td>
106 |                           <td valign="top">Mit der Referrer Policy wird geregelt, welche der Referrer-Informationen in Anfragen aufgenommen werden sollen und welche nicht.</td>
107 |                         </tr>
108 |                         <tr>
109 |                           <td width="200" valign="top"><strong>Strict-Transport-Security</strong></td>
110 |                           <td valign="top">Strict-Transport-Security stellt sicher, dass die Webseite für die deefinierte Zeit lediglich über HTTPS aufgerufen werden kann.<br>
111 |                           <br>
112 |                           Die Angabe &quot;max-age&quot; ist dabei für eine korrekte Funktion Pflicht.</td>
113 |                         </tr>
114 |                         <tr>
115 |                           <td valign="top"><strong>Content-Security-Policy</strong></td>
116 |                           <td valign="top">Die Content-Security-Policy definiert, aus welchen Quellen verschiedene Anfragen/Ressourcen, welche das Injizieren und Ausführen von evtl. bösartigen Befehlen, eingebunden werden dürfen.<br>
117 |                           <br>
118 |                           Die default-Angabe sollte dabei immer gesetzt werden. Alle weiteren Angaben ändern die default-Angabe entsprechend ab.</td>
119 |                         </tr>
120 |                         <tr>
121 |                           <td valign="top"><strong>Featuer-/Permissions-Policy</strong></td>
122 |                           <td valign="top">Mit der Permissions-Policy (früher Feature-Policy) kann dem Webbrowser mitgeteilt werden,   auf welche Browser- bzw. Systemfeatures zugegriffen werden kann.<br>
123 |                             <br>
124 |                           Werden keine Features/Permissions definiert, so ist der Zugriff auf entsprechende Features immer möglich.</td>
125 |                         </tr>
126 |                   </table>
127 |                   </table>
128 | 
129 | 
130 | 				  <p>Weitere Information zu den Headern finden Sie hier:</p>
131 | 				  <ul>
132 | 				    <li><a href="https://siwecos.de/wiki/Kategorie:Glossar" target="_blank">https://siwecos.de/wiki/Kategorie:Glossar</a></li>
133 | 				    <li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers</a></li>
134 |                     <li><a href="https://wiki.selfhtml.org/wiki/Sicherheit" target="_blank">https://wiki.selfhtml.org/wiki/Sicherheit</a></li>
135 | 			      </ul>
136 |               
137 |               
138 |                     
139 |                     <!-- Autor -->
140 |                     <a name="autor"></a>
141 |                   <h2>Autoren / Projekt-Leads</h2>
142 |                   
143 |                   <p><strong>Friends Of REDAXO</strong></p>
144 |                   
145 |                   <p><a href="https://github.com/iceman-fx" target="_blank">Falko Müller</a><br><a href="https://getaweb.de">
146 |                   getaweb / Oliver Kreischer</a></p>
147 | 
148 |                   
149 | <p>&nbsp;</p>
150 |                     
151 |                     <h3>Fragen, Wünsche, Probleme?</h3>
152 |                     Du hast einen Fehler gefunden oder ein nettes Feature parat?<br>
153 | 				Lege ein Issue unter <a href="<?php echo $this->getProperty('supportpage'); ?>" target="_blank"><?php echo $this->getProperty('supportpage'); ?></a> an. </div>
154 |             </div>
155 | 
156 | 	  </div>
157 | 	</div>
158 | </section>


--------------------------------------------------------------------------------
/pages/index.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /*
  3 | 	Redaxo-Addon HTTP-Header
  4 | 	Verwaltung: index
  5 | 	v1.0
  6 | 	by Falko Müller @ 2021
  7 | 	package: redaxo5
  8 | */
  9 | 
 10 | //Variablen deklarieren
 11 | $mypage = $this->getProperty('package');
 12 | 
 13 | $page = rex_request('page', 'string');
 14 | $subpage = rex_be_controller::getCurrentPagePart(2);						//Subpages werden aus page-Pfad ausgelesen (getrennt mit einem Slash, z.B. page=demo_addon/subpage -> 2 = zweiter Teil)
 15 | 	$tmp = rex_request('subpage', 'string');
 16 | 	$subpage = (!empty($tmp)) ? $tmp : $subpage;
 17 | $subpage2 = rex_be_controller::getCurrentPagePart(3);						//2. Unterebene = dritter Teil des page-Parameters
 18 | 	$subpage2 = preg_replace("/.*-([0-9])$/i", "$1", $subpage2);			//Auslesen der ClangID
 19 | $func = rex_request('func', 'string');
 20 | 
 21 | 	
 22 | //Userrechte prüfen
 23 | //$isAdmin = ( is_object($REX['USER']) AND ($REX['USER']->hasPerm($mypage.'[admin]') OR $REX['USER']->isAdmin()) ) ? true : false;
 24 | 
 25 | 
 26 | //Seitentitel ausgeben
 27 | echo rex_view::title($this->i18n('a1656_title').'<span class="addonversion">'.$this->getProperty('version').'</span>');
 28 | 
 29 | 
 30 | //globales Inline-CSS + Javascript
 31 | ?>
 32 | <style type="text/css">
 33 | input.rex-form-submit { margin-left: 190px !important; }	/* Rex-Button auf neue (Labelbreite +10) verschieben */
 34 | td.name { position: relative; padding-right: 20px !important; }
 35 | .nowidth { width: auto !important; }
 36 | .togglebox { display: none; margin-top: 8px; font-size: 90%; color: #666; line-height: 130%; }
 37 | .toggler { width: 15px; height: 12px; position: absolute; top: 10px; right: 3px; }
 38 | .toggler a { display: block; height: 11px; background-image: url(../assets/addons/<?php echo $mypage; ?>/arrows.png); background-repeat: no-repeat; background-position: center -6px; cursor: pointer; }
 39 | .required { font-weight: bold; }
 40 | .inlinelabel { display: inline !important; width: auto !important; float: none !important; clear: none !important; padding: 0px  !important; margin: 0px !important; font-weight: normal !important; }
 41 | .inlineform { display: inline-block !important; }
 42 | .form_auto { width: auto !important; }
 43 | .form_plz { width: 25%px !important; margin-right: 6px; }
 44 | .form_ort { width: 73%px !important; }
 45 | .form_25perc { width: 25% !important; min-width: 120px; }
 46 | .form_50perc { width: 50% !important; min-width: 120px; }
 47 | .form_75perc { width: 75% !important; }
 48 | .form_content { display: block; padding-top: 5px; }
 49 | .form_readonly { background-color: #EEE; color: #999; }
 50 | .form_isoffline { color: #A00; }
 51 | .addonversion { margin-left: 7px; }
 52 | .radio label, .checkbox label { margin-right: 20px; }
 53 | 
 54 | .form_column, .datepicker-widget { display: inline-block; vertical-align: middle; }
 55 | 	.form_column-spacer, .datepicker-widget-spacer { padding: 0px 5px; }
 56 | 
 57 | .form_2spaltig > div { display: inline-block; width: 49%; }
 58 | 
 59 | .addon_failed, .addonfailed { color: #F00; font-weight: bold; margin-bottom: 15px; }
 60 | 		
 61 | .addon_inlinegroup { display: inline-block; }
 62 | .addon_input-group { display: table; }
 63 | 	.addon_input-group > * { display: table-cell; border-radius: 0px; border: 1px solid #7586a0; margin-left: -1px; }
 64 | 	.addon_input-group > *:first-child { margin: 0px; }
 65 | 	.addon_input-group > *:last-child { border-radius: 0px 2px 2px 0px; }
 66 | 	
 67 | .addon_input-group-field {}
 68 | .addon_input-group-btn {}
 69 | 
 70 | .block { display: block; }
 71 | .info { font-size: 0.825em; }
 72 | .info-labels { display: inline-block; padding: 3px 6px; background: #EAEAEA; margin-right: 5px; font-size: 0.80em; }
 73 | 	.info-green { background: #360; color: #FFF; }
 74 | 	.info-red { background: #900; color: #FFF; }
 75 | .infoblock { display: block; font-size: 0.825em; margin-top: 7px; }
 76 | 
 77 | /* Boxen */
 78 | .boxed-group { position: relative; background: rgba(255,255,255, 0.6); margin: 0px 0px 15px; padding: 15px 20px; border: #CCC; }
 79 | .boxed-group dl.form-group { margin-bottom: 0px; margin-top: 15px; }
 80 | 	.boxed-group dl.form-group:first-child { margin-top: 0px; }
 81 | 	.boxed-group .hiddencontent > dl:first-child { margin-top: 15px; }
 82 | .boxed-group label.nobold { font-weight: normal; }
 83 | a.modallink { cursor: pointer; }
 84 | 
 85 | .cspblock { display: inline-block; vertical-align: top; min-width: 182px; margin: 0px 23px 18px 0px; padding: 7px 14px; transition: all .3s ease; }
 86 | 	.cspblock:hover { background: #FFF; }
 87 | .cspblock label { margin-right: 0px !important; }
 88 | .cspblock ul { list-style: none; margin: 0px; padding: 0px;}
 89 | .cspblock li { margin: 0px 0px 5px; }
 90 | 
 91 | /* Header-Farben */
 92 | .hh-risk { border-left: 3px solid orange; }
 93 | .hh-highrisk { border-left: 3px solid #D9534F; }
 94 | 
 95 | /* Checkbox/Radio-Toggler */
 96 | .checkbox.toggle label input, .radio.toggle label input { -webkit-appearance: none; -moz-appearance: none; appearance: none; width: 3em; height: 1.5em; background: #ddd; vertical-align: middle; border-radius: 1.6em; position: relative; outline: 0; margin-top: -3px; margin-right: 10px; cursor: pointer; transition: background 0.1s ease-in-out; }
 97 | 	.checkbox.toggle label input::after, .radio.toggle label input::after, .radio.switch label input::before { content: ''; width: 1.5em; height: 1.5em; background: white; position: absolute; border-radius: 1.2em; transform: scale(0.7); left: 0; box-shadow: 0 1px rgba(0, 0, 0, 0.5); transition: left 0.1s ease-in-out; }
 98 | .checkbox.toggle label input:checked, .radio.toggle label input:checked { background: #5791CE; }
 99 | 	.checkbox.toggle label input:checked::after { left: 1.5em; }
100 | 
101 | .radio.switch label { margin-right: 1.5em; }
102 | .radio.switch label input { width: 1.5em; margin-right: 5px; }
103 | 	.radio.switch label input:checked::after { transform: scale(0.5); }
104 | .radio.switch label input::before { background: #5791CE; opacity: 0; box-shadow: none; }
105 | 	.radio.switch label input:checked::before { animation: radioswitcheffect 0.65s; }
106 | @keyframes radioswitcheffect { 0% { opacity: 0.75; } 100% { opacity: 0; transform: scale(2.5); } }
107 | 
108 | /* Checkbox-Toggler small */
109 | .includebackend { text-align: right; zoom: 0.75; margin: 0px; position: absolute; top: 13px; right: 13px; }
110 | .includebackend label { margin-right: 0px !important; }
111 | .includebackend label input[type=checkbox].toggle { margin-right: 8px; }
112 | 
113 | /* Modalfenster */
114 | .hh-modal { background: rgba(40,53,66, 0.4); }
115 | .hh-modal .modal-header { background: #dfe3e9; line-height: 1.25; padding: 10px 15px; font-size: 16px; }
116 | .hh-modal .modal-title { display: inline; }
117 | .hh-content { display: none; }
118 | 
119 | 
120 | @media (min-width: 768px){
121 | 	.hh-modal-large .modal-dialog { width: 90%; max-width: 800px;}
122 | }
123 | 
124 | 
125 | <?php if (rex_string::versionCompare(rex::getVersion(), '5.13.0-dev', '>=')): ?>
126 | body.rex-theme-dark .cspblock:hover { background: #1f3d3c; }
127 | body.rex-theme-dark .boxed-group { background: rgba(54,81,80, 0.45); }
128 | body.rex-theme-dark .hh-modal .modal-header { background: inherit; }
129 | 
130 | body.rex-theme-dark .checkbox.toggle label input,
131 | body.rex-theme-dark .radio.toggle label input
132 | 	{ background: #202b35; }
133 | body.rex-theme-dark .checkbox.toggle label input::after, 
134 | body.rex-theme-dark .radio.toggle label input::after, 
135 | body.rex-theme-dark .radio.switch label input::before
136 | 	{ background: #CCC; }
137 | 
138 | body.rex-theme-dark .checkbox.toggle label input:checked,
139 | body.rex-theme-dark .radio.toggle label input:checked 
140 | 	{ background: #409be4; }
141 | body.rex-theme-dark .checkbox.toggle label input:checked::after, 
142 | body.rex-theme-dark .radio.toggle label input:checked::after, 
143 | body.rex-theme-dark .radio.switch label input:checked::before
144 | 	{ background: #EEE; }
145 | 
146 | 	
147 | 
148 | @media (prefers-color-scheme: dark){
149 | 	
150 | 	body:not(.rex-theme-light) .cspblock:hover { background: #1f3d3c; }
151 | 	body:not(.rex-theme-light) .boxed-group { background: rgba(54,81,80, 0.45); }
152 | 	body:not(.rex-theme-light) .hh-modal .modal-header { background: inherit; }
153 | 
154 | 	body:not(.rex-theme-light) .checkbox.toggle label input,
155 | 	body:not(.rex-theme-light) .radio.toggle label input
156 | 		{ background: #202b35; }
157 | 	body:not(.rex-theme-light) .checkbox.toggle label input::after, 
158 | 	body:not(.rex-theme-light) .radio.toggle label input::after, 
159 | 	body:not(.rex-theme-light) .radio.switch label input::before
160 | 		{ background: #CCC; }
161 | 	
162 | 	body:not(.rex-theme-light) .checkbox.toggle label input:checked,
163 | 	body:not(.rex-theme-light) .radio.toggle label input:checked 
164 | 		{ background: #409be4; }
165 | 	body:not(.rex-theme-light) .checkbox.toggle label input:checked::after, 
166 | 	body:not(.rex-theme-light) .radio.toggle label input:checked::after, 
167 | 	body:not(.rex-theme-light) .radio.switch label input:checked::before
168 | 		{ background: #EEE; }
169 | }
170 | <?php endif; ?>
171 | </style>
172 | 
173 | 
174 | <script type="text/javascript">
175 | setTimeout(function() { jQuery('.alert-info').fadeOut(); }, 5000);			//Rückmeldung ausblenden
176 | </script>
177 | 
178 | 
179 | <?php
180 | //Unterseite einbinden
181 | switch($subpage):
182 | 	case "help":				//Hilfe
183 | 								require_once("help.inc.php");
184 | 								break;				
185 | 
186 | 	default:					//Index = Einstellungen
187 | 								require_once("default.inc.php");
188 | 								break;
189 | endswitch;
190 | ?>
191 | 
192 | 
193 | <!-- PLEASE DO NOT REMOVE THIS COPYRIGHT -->
194 | <p><?php echo $this->getProperty('author'); ?></p>
195 | <!-- THANK YOU! -->


--------------------------------------------------------------------------------
/boot.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | /*
  3 | 	Redaxo-Addon HTTP-Header
  4 | 	Boot (weitere Konfigurationen)
  5 | 	v1.1.3
  6 | 	by Falko Müller @ 2021-2023
  7 | 	package: redaxo5
  8 | */
  9 | 
 10 | //Variablen deklarieren
 11 | $mypage = $this->getProperty('package');
 12 | //$this->setProperty('name', 'Wert');
 13 | 
 14 | 	//Berechtigungen deklarieren
 15 | 	if (rex::isBackend() && is_object(rex::getUser())):
 16 | 		rex_perm::register($mypage.'[]');
 17 | 		//rex_perm::register($mypage.'[admin]');
 18 | 	endif;
 19 | 
 20 | 
 21 | //Userrechte prüfen
 22 | $isAdmin = ( is_object(rex::getUser()) AND (rex::getUser()->hasPerm($mypage.'[admin]') OR rex::getUser()->isAdmin()) ) ? true : false;
 23 | 
 24 | 
 25 | //Addon Einstellungen
 26 | $config = rex_addon::get($mypage)->getConfig('config');			//Addon-Konfig einladen
 27 | 
 28 | 
 29 | //Funktionen einladen/definieren
 30 | //Backendfunktionen
 31 | if (rex::isBackend() && rex::getUser()):
 32 | 	require_once(rex_path::addon($mypage)."/functions/functions.inc.php");
 33 | endif;
 34 | 
 35 | 
 36 | 
 37 | //alle Header ausgeben
 38 | $fe = rex::isFrontend();
 39 | $be = rex::isBackend();
 40 | 
 41 | //Connection keep-alive
 42 | if (@$config['h_connection'] == 'checked'):
 43 | 	if ($fe || ($be && @$config['h_connection_be'] == 'checked')) 				{ rex_response::setHeader('Connection', 'keep-alive'); }
 44 | endif;
 45 | 
 46 | 
 47 | //Vary Accept-Encoding
 48 | if (@$config['h_vary'] == 'checked'):
 49 | 	if ($fe || ($be && @$config['h_vary_be'] == 'checked'))						{ rex_response::setHeader('Vary', 'Accept-Encoding'); }
 50 | endif;
 51 | 
 52 | 
 53 | //Remove Server
 54 | if (@$config['h_server'] == 'checked'):
 55 | 	if ($fe || ($be && @$config['h_server_be'] == 'checked'))					{ header_remove("Server"); rex_response::setHeader('Server', 'always unset'); }
 56 | endif;
 57 | 
 58 | 
 59 | //Remove X-Powered-By
 60 | if (@$config['h_poweredby'] == 'checked'):
 61 | 	if ($fe || ($be && @$config['h_poweredby_be'] == 'checked'))				{ header_remove("X-Powered-By"); rex_response::setHeader('X-Powered-By', 'always unset'); }
 62 | endif;
 63 | 
 64 | 
 65 | //X-Content-Type-Options
 66 | if (@$config['h_contenttype'] == 'checked'):
 67 | 	if ($fe || ($be && @$config['h_contenttype_be'] == 'checked'))				{ rex_response::setHeader('X-Content-Type-Options', 'nosniff'); }
 68 | endif;
 69 | 
 70 | 
 71 | //X-Frame-Options
 72 | if (@$config['h_frame'] == 'checked'):
 73 | 	if ($fe || ($be && @$config['h_frame_be'] == 'checked'))					{ rex_response::setHeader('X-Frame-Options', ''.@$config['h_frame_option'].''); }
 74 | endif;
 75 | 
 76 | 
 77 | //X-XSS-Protection
 78 | if (@$config['h_xss'] == 'checked'):
 79 | 	$opt = (@$config['h_xss_block'] == 'checked') ? '; mode=block' : '';
 80 | 	
 81 | 	if ($fe || ($be && @$config['h_xss_be'] == 'checked'))						{ rex_response::setHeader('X-XSS-Protection', '1'.$opt); }
 82 | endif;
 83 | 
 84 | 
 85 | //Referrer-Policy
 86 | if (@$config['h_referer'] == 'checked'):
 87 | 	if ($fe || ($be && @$config['h_referer_be'] == 'checked'))					{ rex_response::setHeader('Referrer-Policy', ''.@$config['h_referer_option'].''); }
 88 | endif;
 89 | 
 90 | 
 91 | //Strict-Transport-Security
 92 | if (@$config['h_transport'] == 'checked'):
 93 | 	$max = intval(@$config['h_transport_maxage']);
 94 | 	$opt = ($max > 0) ? $max : '31536000';
 95 | 	$opt .= (@$config['h_transport_subdomains'] == 'checked') ? '; includeSubDomains' : '';
 96 | 	
 97 | 	if ($fe || ($be && @$config['h_transport_be'] == 'checked'))				{ rex_response::setHeader('Strict-Transport-Security', 'max-age='.$opt); }
 98 | endif;
 99 | 
100 | 
101 | //Content-Security-Policy
102 | if (@$config['h_csp'] == 'checked'):
103 | 	$opt = "";
104 | 	
105 | 	$def = @$config['h_csp_definition'];
106 | 	if (@$config['h_csp_noeditor'] == 'checked' && !empty($def)):
107 | 		//eigene Definition wird genutzt
108 | 		$opt .= trim(preg_replace('/^Content-Security-Policy:/i', '', $def));
109 | 	else:
110 | 		//Editor-Auswahl wird genutzt
111 | 		//default
112 | 		$tmp = "";
113 | 			$tmp .= (@$config['h_csp_default_https'] == 'checked') 		? " https:" : '';
114 | 			$tmp .= (@$config['h_csp_default_data'] == 'checked') 		? " data:" : '';
115 | 			$tmp .= (@$config['h_csp_default_blob'] == 'checked') 		? " blob:" : '';
116 | 			$tmp .= (@$config['h_csp_default_self'] == 'checked') 		? " 'self'" : '';
117 | 			$tmp .= (@$config['h_csp_default_inline'] == 'checked')		? " 'unsafe-inline'" : '';
118 | 			$tmp .= (@$config['h_csp_default_eval'] == 'checked') 		? " 'unsafe-eval'" : '';
119 | 			$tmp .= (@$config['h_csp_default_hashes'] == 'checked') 	? " 'unsafe-hashes'" : '';
120 | 			$tmp .= (@$config['h_csp_default_none'] == 'checked') 		? " 'none'" : '';
121 | 			$tmp .= (!empty(@$config['h_csp_default_url'])) 			? " ".@$config['h_csp_default_url'] : '';
122 | 		$opt .= (!empty($tmp)) ? ' default-src'.$tmp.';' : '';
123 | 		
124 | 		//img
125 | 		$tmp = "";
126 | 			$tmp .= (@$config['h_csp_img_https'] == 'checked') 			? " https:" : '';
127 | 			$tmp .= (@$config['h_csp_img_data'] == 'checked') 			? " data:" : '';
128 | 			$tmp .= (@$config['h_csp_img_blob'] == 'checked') 			? " blob:" : '';
129 | 			$tmp .= (@$config['h_csp_img_self'] == 'checked') 			? " 'self'" : '';
130 | 			$tmp .= (@$config['h_csp_img_inline'] == 'checked')			? " 'unsafe-inline'" : '';
131 | 			$tmp .= (@$config['h_csp_img_eval'] == 'checked') 			? " 'unsafe-eval'" : '';
132 | 			$tmp .= (@$config['h_csp_img_hashes'] == 'checked') 		? " 'unsafe-hashes'" : '';
133 | 			$tmp .= (@$config['h_csp_img_none'] == 'checked') 			? " 'none'" : '';
134 | 			$tmp .= (!empty(@$config['h_csp_img_url'])) 			? " ".@$config['h_csp_img_url'] : '';
135 | 		$opt .= (!empty($tmp)) ? ' img-src'.$tmp.';' : '';
136 | 		
137 | 		//media
138 | 		$tmp = "";
139 | 			$tmp .= (@$config['h_csp_media_https'] == 'checked') 		? " https:" : '';
140 | 			$tmp .= (@$config['h_csp_media_data'] == 'checked') 		? " data:" : '';
141 | 			$tmp .= (@$config['h_csp_media_blob'] == 'checked') 		? " blob:" : '';
142 | 			$tmp .= (@$config['h_csp_media_self'] == 'checked') 		? " 'self'" : '';
143 | 			$tmp .= (@$config['h_csp_media_inline'] == 'checked')		? " 'unsafe-inline'" : '';
144 | 			$tmp .= (@$config['h_csp_media_eval'] == 'checked') 		? " 'unsafe-eval'" : '';
145 | 			$tmp .= (@$config['h_csp_media_hashes'] == 'checked') 		? " 'unsafe-hashes'" : '';
146 | 			$tmp .= (@$config['h_csp_media_none'] == 'checked') 		? " 'none'" : '';
147 | 			$tmp .= (!empty(@$config['h_csp_media_url'])) 			? " ".@$config['h_csp_media_url'] : '';
148 | 		$opt .= (!empty($tmp)) ? ' media-src'.$tmp.';' : '';
149 | 		
150 | 		//font
151 | 		$tmp = "";
152 | 			$tmp .= (@$config['h_csp_font_https'] == 'checked') 		? " https:" : '';
153 | 			$tmp .= (@$config['h_csp_font_data'] == 'checked') 			? " data:" : '';
154 | 			$tmp .= (@$config['h_csp_font_blob'] == 'checked') 			? " blob:" : '';
155 | 			$tmp .= (@$config['h_csp_font_self'] == 'checked') 			? " 'self'" : '';
156 | 			$tmp .= (@$config['h_csp_font_inline'] == 'checked')		? " 'unsafe-inline'" : '';
157 | 			$tmp .= (@$config['h_csp_font_eval'] == 'checked') 			? " 'unsafe-eval'" : '';
158 | 			$tmp .= (@$config['h_csp_font_hashes'] == 'checked') 		? " 'unsafe-hashes'" : '';
159 | 			$tmp .= (@$config['h_csp_font_none'] == 'checked') 			? " 'none'" : '';
160 | 			$tmp .= (!empty(@$config['h_csp_font_url'])) 			? " ".@$config['h_csp_font_url'] : '';
161 | 		$opt .= (!empty($tmp)) ? ' font-src'.$tmp.';' : '';
162 | 		
163 | 		//script
164 | 		$tmp = "";
165 | 			$tmp .= (@$config['h_csp_script_https'] == 'checked') 		? " https:" : '';
166 | 			$tmp .= (@$config['h_csp_script_data'] == 'checked') 		? " data:" : '';
167 | 			$tmp .= (@$config['h_csp_script_blob'] == 'checked') 		? " blob:" : '';
168 | 			$tmp .= (@$config['h_csp_script_self'] == 'checked') 		? " 'self'" : '';
169 | 			$tmp .= (@$config['h_csp_script_inline'] == 'checked')		? " 'unsafe-inline'" : '';
170 | 			$tmp .= (@$config['h_csp_script_eval'] == 'checked') 		? " 'unsafe-eval'" : '';
171 | 			$tmp .= (@$config['h_csp_script_hashes'] == 'checked') 		? " 'unsafe-hashes'" : '';
172 | 			$tmp .= (@$config['h_csp_script_none'] == 'checked') 		? " 'none'" : '';
173 | 			$tmp .= (!empty(@$config['h_csp_script_url'])) 			? " ".@$config['h_csp_script_url'] : '';
174 | 		$opt .= (!empty($tmp)) ? ' script-src'.$tmp.';' : '';
175 | 		
176 | 		//style
177 | 		$tmp = "";
178 | 			$tmp .= (@$config['h_csp_style_https'] == 'checked') 		? " https:" : '';
179 | 			$tmp .= (@$config['h_csp_style_data'] == 'checked') 		? " data:" : '';
180 | 			$tmp .= (@$config['h_csp_style_blob'] == 'checked') 		? " blob:" : '';
181 | 			$tmp .= (@$config['h_csp_style_self'] == 'checked') 		? " 'self'" : '';
182 | 			$tmp .= (@$config['h_csp_style_inline'] == 'checked')		? " 'unsafe-inline'" : '';
183 | 			$tmp .= (@$config['h_csp_style_eval'] == 'checked') 		? " 'unsafe-eval'" : '';
184 | 			$tmp .= (@$config['h_csp_style_hashes'] == 'checked') 		? " 'unsafe-hashes'" : '';
185 | 			$tmp .= (@$config['h_csp_style_none'] == 'checked') 		? " 'none'" : '';
186 | 			$tmp .= (!empty(@$config['h_csp_style_url'])) 			? " ".@$config['h_csp_style_url'] : '';
187 | 		$opt .= (!empty($tmp)) ? ' style-src'.$tmp.';' : '';
188 | 		
189 | 		//object
190 | 		$tmp = "";
191 | 			$tmp .= (@$config['h_csp_object_https'] == 'checked') 		? " https:" : '';
192 | 			$tmp .= (@$config['h_csp_object_data'] == 'checked') 		? " data:" : '';
193 | 			$tmp .= (@$config['h_csp_object_blob'] == 'checked') 		? " blob:" : '';
194 | 			$tmp .= (@$config['h_csp_object_self'] == 'checked') 		? " 'self'" : '';
195 | 			$tmp .= (@$config['h_csp_object_inline'] == 'checked')		? " 'unsafe-inline'" : '';
196 | 			$tmp .= (@$config['h_csp_object_eval'] == 'checked') 		? " 'unsafe-eval'" : '';
197 | 			$tmp .= (@$config['h_csp_object_hashes'] == 'checked') 		? " 'unsafe-hashes'" : '';
198 | 			$tmp .= (@$config['h_csp_object_none'] == 'checked') 		? " 'none'" : '';
199 | 			$tmp .= (!empty(@$config['h_csp_object_url'])) 			? " ".@$config['h_csp_object_url'] : '';
200 | 		$opt .= (!empty($tmp)) ? ' object-src'.$tmp.';' : '';
201 | 		
202 | 		//form-action
203 | 		$tmp = "";
204 | 			$tmp .= (@$config['h_csp_form_https'] == 'checked') 		? " https:" : '';
205 | 			$tmp .= (@$config['h_csp_form_data'] == 'checked') 			? " data:" : '';
206 | 			$tmp .= (@$config['h_csp_form_blob'] == 'checked') 			? " blob:" : '';
207 | 			$tmp .= (@$config['h_csp_form_self'] == 'checked') 			? " 'self'" : '';
208 | 			$tmp .= (@$config['h_csp_form_inline'] == 'checked')		? " 'unsafe-inline'" : '';
209 | 			$tmp .= (@$config['h_csp_form_eval'] == 'checked') 			? " 'unsafe-eval'" : '';
210 | 			$tmp .= (@$config['h_csp_form_hashes'] == 'checked') 		? " 'unsafe-hashes'" : '';
211 | 			$tmp .= (@$config['h_csp_form_none'] == 'checked') 			? " 'none'" : '';
212 | 			$tmp .= (!empty(@$config['h_csp_form_url'])) 			? " ".@$config['h_csp_form_url'] : '';
213 | 		$opt .= (!empty($tmp)) ? ' form-action'.$tmp.';' : '';
214 | 		
215 | 		//frame
216 | 		$tmp = "";
217 | 			$tmp .= (@$config['h_csp_frame_https'] == 'checked') 		? " https:" : '';
218 | 			$tmp .= (@$config['h_csp_frame_data'] == 'checked') 		? " data:" : '';
219 | 			$tmp .= (@$config['h_csp_frame_blob'] == 'checked') 		? " blob:" : '';
220 | 			$tmp .= (@$config['h_csp_frame_self'] == 'checked') 		? " 'self'" : '';
221 | 			$tmp .= (@$config['h_csp_frame_inline'] == 'checked')		? " 'unsafe-inline'" : '';
222 | 			$tmp .= (@$config['h_csp_frame_eval'] == 'checked') 		? " 'unsafe-eval'" : '';
223 | 			$tmp .= (@$config['h_csp_frame_hashes'] == 'checked') 		? " 'unsafe-hashes'" : '';
224 | 			$tmp .= (@$config['h_csp_frame_none'] == 'checked') 		? " 'none'" : '';
225 | 			$tmp .= (!empty(@$config['h_csp_frame_url'])) 			? " ".@$config['h_csp_frame_url'] : '';
226 | 		$opt .= (!empty($tmp)) ? ' frame-src'.$tmp.';' : '';
227 | 		
228 | 		//frame-ancestors
229 | 		$tmp = "";
230 | 			$tmp .= (@$config['h_csp_frameanc_https'] == 'checked') 	? " https:" : '';
231 | 			$tmp .= (@$config['h_csp_frameanc_data'] == 'checked') 		? " data:" : '';
232 | 			$tmp .= (@$config['h_csp_frameanc_blob'] == 'checked') 		? " blob:" : '';
233 | 			$tmp .= (@$config['h_csp_frameanc_self'] == 'checked') 		? " 'self'" : '';
234 | 			$tmp .= (@$config['h_csp_frameanc_none'] == 'checked') 		? " 'none'" : '';
235 | 			$tmp .= (!empty(@$config['h_csp_frameanc_url'])) 			? " ".@$config['h_csp_frameanc_url'] : '';
236 | 		$opt .= (!empty($tmp)) ? ' frame-ancestors'.$tmp.';' : '';
237 | 		
238 | 		//connect
239 | 		$tmp = "";
240 | 			$tmp .= (@$config['h_csp_connect_https'] == 'checked') 		? " https:" : '';
241 | 			$tmp .= (@$config['h_csp_connect_data'] == 'checked') 		? " data:" : '';
242 | 			$tmp .= (@$config['h_csp_connect_blob'] == 'checked') 		? " blob:" : '';
243 | 			$tmp .= (@$config['h_csp_connect_self'] == 'checked') 		? " 'self'" : '';
244 | 			$tmp .= (@$config['h_csp_connect_inline'] == 'checked')		? " 'unsafe-inline'" : '';
245 | 			$tmp .= (@$config['h_csp_connect_eval'] == 'checked') 		? " 'unsafe-eval'" : '';
246 | 			$tmp .= (@$config['h_csp_connect_hashes'] == 'checked') 	? " 'unsafe-hashes'" : '';
247 | 			$tmp .= (@$config['h_csp_connect_none'] == 'checked') 		? " 'none'" : '';
248 | 			$tmp .= (!empty(@$config['h_csp_connect_url'])) 			? " ".@$config['h_csp_connect_url'] : '';
249 | 		$opt .= (!empty($tmp)) ? ' connect-src'.$tmp.';' : '';
250 | 		
251 | 		//manifest
252 | 		$tmp = "";
253 | 			$tmp .= (@$config['h_csp_manifest_https'] == 'checked') 	? " https:" : '';
254 | 			$tmp .= (@$config['h_csp_manifest_data'] == 'checked') 		? " data:" : '';
255 | 			$tmp .= (@$config['h_csp_manifest_blob'] == 'checked') 		? " blob:" : '';
256 | 			$tmp .= (@$config['h_csp_manifest_self'] == 'checked') 		? " 'self'" : '';
257 | 			$tmp .= (@$config['h_csp_manifest_inline'] == 'checked')	? " 'unsafe-inline'" : '';
258 | 			$tmp .= (@$config['h_csp_manifest_eval'] == 'checked') 		? " 'unsafe-eval'" : '';
259 | 			$tmp .= (@$config['h_csp_manifest_hashes'] == 'checked') 	? " 'unsafe-hashes'" : '';
260 | 			$tmp .= (@$config['h_csp_manifest_none'] == 'checked') 		? " 'none'" : '';
261 | 			$tmp .= (!empty(@$config['h_csp_manifest_url'])) 			? " ".@$config['h_csp_manifest_url'] : '';
262 | 		$opt .= (!empty($tmp)) ? ' manifest-src'.$tmp.';' : '';
263 | 
264 | 	endif;
265 | 	
266 | 	if ($fe || ($be && @$config['h_csp_be'] == 'checked')):
267 | 		rex_response::setHeader('X-Content-Security-Policy', $opt);
268 | 		rex_response::setHeader('X-WebKit-CSP', $opt);
269 | 		rex_response::setHeader('Content-Security-Policy', $opt);
270 | 	endif;
271 | endif;
272 | 
273 | 
274 | //Featuer-/Permissions-Policy
275 | if (@$config['h_fpp'] == 'checked'):
276 | 	$opt_f = $opt_p = "";
277 | 	
278 | 	$def_f = @$config['h_fpp_definition_f'];
279 | 	$def_p = @$config['h_fpp_definition_p'];
280 | 	if (@$config['h_fpp_noeditor'] == 'checked' && (!empty($def_f) || !empty($def_p))):
281 | 		//eigene Definition wird genutzt
282 | 		$opt_f .= trim(preg_replace('/^Feature-Policy:/i', '', $def_f));
283 | 		$opt_p .= trim(preg_replace('/^Permissions-Policy:/i', '', $def_p));
284 | 	else:
285 | 		//Editor-Auswahl wird genutzt
286 | 		//camera
287 | 		$tmp = "";
288 | 			$tmp .= (@$config['h_fpp_cam_self'] == 'checked') 			? " 'self'" : '';
289 | 			$tmp .= (@$config['h_fpp_cam_none'] == 'checked') 			? " 'none'" : '';
290 | 		$opt_f .= (!empty($tmp)) ? ' camera'.$tmp.';' : '';
291 | 		$opt_p .= (!empty($tmp)) ? ' camera=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
292 | 		
293 | 		//geo
294 | 		$tmp = "";
295 | 			$tmp .= (@$config['h_fpp_geo_self'] == 'checked') 			? " 'self'" : '';
296 | 			$tmp .= (@$config['h_fpp_geo_none'] == 'checked') 			? " 'none'" : '';
297 | 		$opt_f .= (!empty($tmp)) ? ' geolocation'.$tmp.';' : '';
298 | 		$opt_p .= (!empty($tmp)) ? ' geolocation=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
299 | 		
300 | 		//gyro
301 | 		$tmp = "";
302 | 			$tmp .= (@$config['h_fpp_gyro_self'] == 'checked') 			? " 'self'" : '';
303 | 			$tmp .= (@$config['h_fpp_gyro_none'] == 'checked') 			? " 'none'" : '';
304 | 		$opt_f .= (!empty($tmp)) ? ' gyroscope'.$tmp.';' : '';
305 | 		$opt_p .= (!empty($tmp)) ? ' gyroscope=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
306 | 		
307 | 		//mag
308 | 		$tmp = "";
309 | 			$tmp .= (@$config['h_fpp_mag_self'] == 'checked') 			? " 'self'" : '';
310 | 			$tmp .= (@$config['h_fpp_mag_none'] == 'checked') 			? " 'none'" : '';
311 | 		$opt_f .= (!empty($tmp)) ? ' magnetometer'.$tmp.';' : '';
312 | 		$opt_p .= (!empty($tmp)) ? ' magnetometer=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
313 | 		
314 | 		//mic
315 | 		$tmp = "";
316 | 			$tmp .= (@$config['h_fpp_mic_self'] == 'checked') 			? " 'self'" : '';
317 | 			$tmp .= (@$config['h_fpp_mic_none'] == 'checked') 			? " 'none'" : '';
318 | 		$opt_f .= (!empty($tmp)) ? ' microphone'.$tmp.';' : '';
319 | 		$opt_p .= (!empty($tmp)) ? ' microphone=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
320 | 		
321 | 		//usb
322 | 		$tmp = "";
323 | 			$tmp .= (@$config['h_fpp_usb_self'] == 'checked') 			? " 'self'" : '';
324 | 			$tmp .= (@$config['h_fpp_usb_none'] == 'checked') 			? " 'none'" : '';
325 | 		$opt_f .= (!empty($tmp)) ? ' usb'.$tmp.';' : '';
326 | 		$opt_p .= (!empty($tmp)) ? ' usb=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
327 | 		
328 | 		//docdom
329 | 		$tmp = "";
330 | 			$tmp .= (@$config['h_fpp_docdom_self'] == 'checked') 		? " 'self'" : '';
331 | 			$tmp .= (@$config['h_fpp_docdom_none'] == 'checked') 		? " 'none'" : '';
332 | 		$opt_f .= (!empty($tmp)) ? ' document-domain'.$tmp.';' : '';
333 | 		$opt_p .= (!empty($tmp)) ? ' document-domain=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
334 | 		
335 | 		//full
336 | 		$tmp = "";
337 | 			$tmp .= (@$config['h_fpp_full_self'] == 'checked') 			? " 'self'" : '';
338 | 			$tmp .= (@$config['h_fpp_full_none'] == 'checked') 			? " 'none'" : '';
339 | 		$opt_f .= (!empty($tmp)) ? ' fullscreen'.$tmp.';' : '';
340 | 		$opt_p .= (!empty($tmp)) ? ' fullscreen=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
341 | 		
342 | 		//pay
343 | 		$tmp = "";
344 | 			$tmp .= (@$config['h_fpp_pay_self'] == 'checked') 			? " 'self'" : '';
345 | 			$tmp .= (@$config['h_fpp_pay_none'] == 'checked') 			? " 'none'" : '';
346 | 		$opt_f .= (!empty($tmp)) ? ' payment'.$tmp.';' : '';
347 | 		$opt_p .= (!empty($tmp)) ? ' payment=('.trim(str_replace(array(" 'none'", "'"), '', $tmp)).'),' : '';
348 | 
349 | 
350 | 		//letztes Komma entfernen
351 | 		$opt_p = preg_replace("/,$/i", '', $opt_p);
352 | 	endif;
353 | 	
354 | 	if ($fe || ($be && @$config['h_fpp_be'] == 'checked')):
355 | 		rex_response::setHeader('Feature-Policy', $opt_f);
356 | 		rex_response::setHeader('Permissions-Policy', $opt_p);
357 | 	endif;
358 | endif;
359 | 
360 | ?>


--------------------------------------------------------------------------------
/pages/default.inc.php:
--------------------------------------------------------------------------------
   1 | <?php
   2 | /*
   3 | 	Redaxo-Addon HTTP-Header
   4 | 	Verwaltung: Hauptseite (Default)
   5 | 	v1.1.3
   6 | 	by Falko Müller @ 2021-2023
   7 | 	package: redaxo5
   8 | */
   9 | 
  10 | //Variablen deklarieren
  11 | $form_error = 0;
  12 | 
  13 | //Formular dieser Seite verarbeiten
  14 | if ($func == "save" && isset($_POST['submit'])):
  15 | 	//Konfig speichern
  16 | 	$newCfg = $this->getConfig('config');												//alte Config laden
  17 | 
  18 | 	$newCfg = array_merge($newCfg, [													//neue Werte der Standardfelder hinzufügen
  19 | 		'h_connection'				=> rex_post('h_connection'),
  20 | 		'h_connection_be'			=> rex_post('h_connection_be'),
  21 | 		'h_vary'					=> rex_post('h_vary'),
  22 | 		'h_vary_be'					=> rex_post('h_vary_be'),
  23 | 		'h_server'					=> rex_post('h_server'),
  24 | 		'h_server_be'				=> rex_post('h_server_be'),
  25 | 		'h_poweredby'				=> rex_post('h_poweredby'),
  26 | 		'h_poweredby_be'			=> rex_post('h_poweredby_be'),
  27 | 		'h_contenttype'				=> rex_post('h_contenttype'),
  28 | 		'h_contenttype_be'			=> rex_post('h_contenttype_be'),
  29 | 		'h_frame'					=> rex_post('h_frame'),
  30 | 		'h_frame_be'				=> rex_post('h_frame_be'),
  31 | 		'h_frame_option'			=> rex_post('h_frame_option'),
  32 | 		'h_xss'						=> rex_post('h_xss'),
  33 | 		'h_xss_be'					=> rex_post('h_xss_be'),
  34 | 		'h_xss_block'				=> rex_post('h_xss_block'),
  35 | 		'h_referer'					=> rex_post('h_referer'),
  36 | 		'h_referer_be'				=> rex_post('h_referer_be'),
  37 | 		'h_referer_option'			=> rex_post('h_referer_option'),
  38 | 		'h_transport'				=> rex_post('h_transport'),
  39 | 		'h_transport_be'			=> rex_post('h_transport_be'),
  40 | 		'h_transport_maxage'		=> rex_post('h_transport_maxage'),
  41 | 		'h_transport_subdomains'	=> rex_post('h_transport_subdomains'),
  42 | 		'h_csp'						=> rex_post('h_csp'),
  43 | 		'h_csp_be'					=> rex_post('h_csp_be'),
  44 | 		'h_csp_noeditor'			=> rex_post('h_csp_noeditor'),
  45 | 		'h_csp_definition'			=> rex_post('h_csp_definition'),
  46 | 		
  47 | 		'h_csp_default_https'		=> rex_post('h_csp_default_https'),
  48 | 		'h_csp_default_data'		=> rex_post('h_csp_default_data'),
  49 | 		'h_csp_default_blob'		=> rex_post('h_csp_default_blob'),
  50 | 		'h_csp_default_self'		=> rex_post('h_csp_default_self'),
  51 | 		'h_csp_default_inline'		=> rex_post('h_csp_default_inline'),
  52 | 		'h_csp_default_eval'		=> rex_post('h_csp_default_eval'),
  53 | 		'h_csp_default_hashes'		=> rex_post('h_csp_default_hashes'),
  54 | 		'h_csp_default_none'		=> rex_post('h_csp_default_none'),
  55 | 		'h_csp_default_url'			=> rex_post('h_csp_default_url'),
  56 | 		
  57 | 		'h_csp_img_https'			=> rex_post('h_csp_img_https'),
  58 | 		'h_csp_img_data'			=> rex_post('h_csp_img_data'),
  59 | 		'h_csp_img_blob'			=> rex_post('h_csp_img_blob'),
  60 | 		'h_csp_img_self'			=> rex_post('h_csp_img_self'),
  61 | 		'h_csp_img_inline'			=> rex_post('h_csp_img_inline'),
  62 | 		'h_csp_img_eval'			=> rex_post('h_csp_img_eval'),
  63 | 		'h_csp_img_hashes'			=> rex_post('h_csp_img_hashes'),
  64 | 		'h_csp_img_none'			=> rex_post('h_csp_img_none'),
  65 | 		'h_csp_img_url'				=> rex_post('h_csp_img_url'),
  66 | 		
  67 | 		'h_csp_media_https'			=> rex_post('h_csp_media_https'),
  68 | 		'h_csp_media_data'			=> rex_post('h_csp_media_data'),
  69 | 		'h_csp_media_blob'			=> rex_post('h_csp_media_blob'),
  70 | 		'h_csp_media_self'			=> rex_post('h_csp_media_self'),
  71 | 		'h_csp_media_inline'		=> rex_post('h_csp_media_inline'),
  72 | 		'h_csp_media_eval'			=> rex_post('h_csp_media_eval'),
  73 | 		'h_csp_media_hashes'		=> rex_post('h_csp_media_hashes'),
  74 | 		'h_csp_media_none'			=> rex_post('h_csp_media_none'),
  75 | 		'h_csp_media_url'			=> rex_post('h_csp_media_url'),
  76 | 		
  77 | 		'h_csp_font_https'			=> rex_post('h_csp_font_https'),
  78 | 		'h_csp_font_data'			=> rex_post('h_csp_font_data'),
  79 | 		'h_csp_font_blob'			=> rex_post('h_csp_font_blob'),
  80 | 		'h_csp_font_self'			=> rex_post('h_csp_font_self'),
  81 | 		'h_csp_font_inline'			=> rex_post('h_csp_font_inline'),
  82 | 		'h_csp_font_eval'			=> rex_post('h_csp_font_eval'),
  83 | 		'h_csp_font_hashes'			=> rex_post('h_csp_font_hashes'),
  84 | 		'h_csp_font_none'			=> rex_post('h_csp_font_none'),
  85 | 		'h_csp_font_url'			=> rex_post('h_csp_font_url'),
  86 | 		
  87 | 		'h_csp_script_https'		=> rex_post('h_csp_script_https'),
  88 | 		'h_csp_script_data'			=> rex_post('h_csp_script_data'),
  89 | 		'h_csp_script_blob'			=> rex_post('h_csp_script_blob'),
  90 | 		'h_csp_script_self'			=> rex_post('h_csp_script_self'),
  91 | 		'h_csp_script_inline'		=> rex_post('h_csp_script_inline'),
  92 | 		'h_csp_script_eval'			=> rex_post('h_csp_script_eval'),
  93 | 		'h_csp_script_hashes'		=> rex_post('h_csp_script_hashes'),
  94 | 		'h_csp_script_none'			=> rex_post('h_csp_script_none'),
  95 | 		'h_csp_script_url'			=> rex_post('h_csp_script_url'),
  96 | 		
  97 | 		'h_csp_style_https'			=> rex_post('h_csp_style_https'),
  98 | 		'h_csp_style_data'			=> rex_post('h_csp_style_data'),
  99 | 		'h_csp_style_blob'			=> rex_post('h_csp_style_blob'),
 100 | 		'h_csp_style_self'			=> rex_post('h_csp_style_self'),
 101 | 		'h_csp_style_inline'		=> rex_post('h_csp_style_inline'),
 102 | 		'h_csp_style_eval'			=> rex_post('h_csp_style_eval'),
 103 | 		'h_csp_style_hashes'		=> rex_post('h_csp_style_hashes'),
 104 | 		'h_csp_style_none'			=> rex_post('h_csp_style_none'),
 105 | 		'h_csp_style_url'			=> rex_post('h_csp_style_url'),
 106 | 		
 107 | 		'h_csp_object_https'		=> rex_post('h_csp_object_https'),
 108 | 		'h_csp_object_data'			=> rex_post('h_csp_object_data'),
 109 | 		'h_csp_object_blob'			=> rex_post('h_csp_object_blob'),
 110 | 		'h_csp_object_self'			=> rex_post('h_csp_object_self'),
 111 | 		'h_csp_object_inline'		=> rex_post('h_csp_object_inline'),
 112 | 		'h_csp_object_eval'			=> rex_post('h_csp_object_eval'),
 113 | 		'h_csp_object_hashes'		=> rex_post('h_csp_object_hashes'),
 114 | 		'h_csp_object_none'			=> rex_post('h_csp_object_none'),
 115 | 		'h_csp_object_url'			=> rex_post('h_csp_object_url'),
 116 | 		
 117 | 		'h_csp_form_https'			=> rex_post('h_csp_form_https'),
 118 | 		'h_csp_form_data'			=> rex_post('h_csp_form_data'),
 119 | 		'h_csp_form_blob'			=> rex_post('h_csp_form_blob'),
 120 | 		'h_csp_form_self'			=> rex_post('h_csp_form_self'),
 121 | 		'h_csp_form_inline'			=> rex_post('h_csp_form_inline'),
 122 | 		'h_csp_form_eval'			=> rex_post('h_csp_form_eval'),
 123 | 		'h_csp_form_hashes'			=> rex_post('h_csp_form_hashes'),
 124 | 		'h_csp_form_none'			=> rex_post('h_csp_form_none'),
 125 | 		'h_csp_form_url'			=> rex_post('h_csp_form_url'),
 126 | 		
 127 | 		'h_csp_frame_https'			=> rex_post('h_csp_frame_https'),
 128 | 		'h_csp_frame_data'			=> rex_post('h_csp_frame_data'),
 129 | 		'h_csp_frame_blob'			=> rex_post('h_csp_frame_blob'),
 130 | 		'h_csp_frame_self'			=> rex_post('h_csp_frame_self'),
 131 | 		'h_csp_frame_inline'		=> rex_post('h_csp_frame_inline'),
 132 | 		'h_csp_frame_eval'			=> rex_post('h_csp_frame_eval'),
 133 | 		'h_csp_frame_hashes'		=> rex_post('h_csp_frame_hashes'),
 134 | 		'h_csp_frame_none'			=> rex_post('h_csp_frame_none'),
 135 | 		'h_csp_frame_url'			=> rex_post('h_csp_frame_url'),
 136 | 		
 137 | 		'h_csp_frameanc_https'		=> rex_post('h_csp_frameanc_https'),
 138 | 		'h_csp_frameanc_data'		=> rex_post('h_csp_frameanc_data'),
 139 | 		'h_csp_frameanc_blob'		=> rex_post('h_csp_frameanc_blob'),
 140 | 		'h_csp_frameanc_self'		=> rex_post('h_csp_frameanc_self'),
 141 | 		'h_csp_frameanc_none'		=> rex_post('h_csp_frameanc_none'),
 142 | 		'h_csp_frameanc_url'		=> rex_post('h_csp_frameanc_url'),
 143 | 		
 144 | 		'h_csp_connect_https'		=> rex_post('h_csp_connect_https'),
 145 | 		'h_csp_connect_data'		=> rex_post('h_csp_connect_data'),
 146 | 		'h_csp_connect_blob'		=> rex_post('h_csp_connect_blob'),
 147 | 		'h_csp_connect_self'		=> rex_post('h_csp_connect_self'),
 148 | 		'h_csp_connect_inline'		=> rex_post('h_csp_connect_inline'),
 149 | 		'h_csp_connect_eval'		=> rex_post('h_csp_connect_eval'),
 150 | 		'h_csp_connect_hashes'		=> rex_post('h_csp_connect_hashes'),
 151 | 		'h_csp_connect_none'		=> rex_post('h_csp_connect_none'),
 152 | 		'h_csp_connect_url'			=> rex_post('h_csp_connect_url'),
 153 | 		
 154 | 		'h_csp_manifest_https'		=> rex_post('h_csp_manifest_https'),
 155 | 		'h_csp_manifest_data'		=> rex_post('h_csp_manifest_data'),
 156 | 		'h_csp_manifest_blob'		=> rex_post('h_csp_manifest_blob'),
 157 | 		'h_csp_manifest_self'		=> rex_post('h_csp_manifest_self'),
 158 | 		'h_csp_manifest_inline'		=> rex_post('h_csp_manifest_inline'),
 159 | 		'h_csp_manifest_eval'		=> rex_post('h_csp_manifest_eval'),
 160 | 		'h_csp_manifest_hashes'		=> rex_post('h_csp_manifest_hashes'),
 161 | 		'h_csp_manifest_none'		=> rex_post('h_csp_manifest_none'),
 162 | 		'h_csp_manifest_url'			=> rex_post('h_csp_manifest_url'),
 163 | 
 164 | 		
 165 | 		'h_fpp'						=> rex_post('h_fpp'),
 166 | 		'h_fpp_be'					=> rex_post('h_fpp_be'),
 167 | 		'h_fpp_noeditor'			=> rex_post('h_fpp_noeditor'),
 168 | 		'h_fpp_definition_f'		=> rex_post('h_fpp_definition_f'),
 169 | 		'h_fpp_definition_p'		=> rex_post('h_fpp_definition_p'),
 170 | 		
 171 | 		'h_fpp_cam_self'			=> rex_post('h_fpp_cam_self'),
 172 | 		'h_fpp_cam_none'			=> rex_post('h_fpp_cam_none'),
 173 | 		
 174 | 		'h_fpp_geo_self'			=> rex_post('h_fpp_geo_self'),
 175 | 		'h_fpp_geo_none'			=> rex_post('h_fpp_geo_none'),
 176 | 		
 177 | 		'h_fpp_gyro_self'			=> rex_post('h_fpp_gyro_self'),
 178 | 		'h_fpp_gyro_none'			=> rex_post('h_fpp_gyro_none'),
 179 | 		
 180 | 		'h_fpp_mag_self'			=> rex_post('h_fpp_mag_self'),
 181 | 		'h_fpp_mag_none'			=> rex_post('h_fpp_mag_none'),
 182 | 		
 183 | 		'h_fpp_mic_self'			=> rex_post('h_fpp_mic_self'),
 184 | 		'h_fpp_mic_none'			=> rex_post('h_fpp_mic_none'),
 185 | 		
 186 | 		'h_fpp_usb_self'			=> rex_post('h_fpp_usb_self'),
 187 | 		'h_fpp_usb_none'			=> rex_post('h_fpp_usb_none'),
 188 | 		
 189 | 		'h_fpp_docdom_self'			=> rex_post('h_fpp_docdom_self'),
 190 | 		'h_fpp_docdom_none'			=> rex_post('h_fpp_docdom_none'),
 191 | 		
 192 | 		'h_fpp_full_self'			=> rex_post('h_fpp_full_self'),
 193 | 		'h_fpp_full_none'			=> rex_post('h_fpp_full_none'),
 194 | 		
 195 | 		'h_fpp_pay_self'			=> rex_post('h_fpp_pay_self'),
 196 | 		'h_fpp_pay_none'			=> rex_post('h_fpp_pay_none'),
 197 | 	]);
 198 | 
 199 | 	$res = $this->setConfig('config', $newCfg);											//Config speichern (ersetzt komplett die alte Config)
 200 | 
 201 | 	//Rückmeldung
 202 | 	echo ($res) ? rex_view::info($this->i18n('a1656_settings_saved')) : rex_view::warning($this->i18n('a1656_error'));
 203 | endif;
 204 | 
 205 | 
 206 | //reload Konfig
 207 | $config = $this->getConfig('config');
 208 | 	$config = aFM_maskArray($config);
 209 | 	
 210 | //dump($config);	
 211 | ?>
 212 | 
 213 | 
 214 | <script type="text/javascript">setTimeout(function() { jQuery('.alert-info').fadeOut(); }, 5000);</script>
 215 | 
 216 | <form action="index.php?page=<?php echo $page; ?>" method="post" enctype="multipart/form-data">
 217 | <input type="hidden" name="subpage" value="<?php echo $subpage; ?>" />
 218 | <input type="hidden" name="func" value="save" />
 219 | 
 220 | <section class="rex-page-section">
 221 |     <div class="panel panel-edit">
 222 |     
 223 | 		<header class="panel-heading"><div class="panel-title"><?php echo $this->i18n('a1656_head_basics'); ?></div></header>
 224 |         
 225 | 		<div class="panel-body">
 226 | 
 227 | 			<legend><?php echo $this->i18n('a1656_subheader_basic1'); ?></legend>
 228 |             
 229 |              
 230 |             <!-- connection keep-alive -->
 231 |             <div class="boxed-group">
 232 |                 <dl class="rex-form-group form-group">
 233 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_connection'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="Connection: keep-alive" data-content="#datacontent-conn"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 234 |                     <dd>
 235 |                         <div class="checkbox toggle">
 236 |                         <label for="h_connection toggle">
 237 |                             <input name="h_connection" type="checkbox" id="h_connection" value="checked" <?php echo @$config['h_connection']; ?> /> <?php echo $this->i18n('a1656_bas_active'); ?>
 238 |                         </label>
 239 |                         </div>
 240 |                     </dd>
 241 |                     
 242 |                    
 243 |                    <div class="checkbox toggle includebackend">
 244 |                         <label for="h_connection_be">
 245 |                             <input name="h_connection_be" type="checkbox" id="h_connection_be" value="checked" <?php echo @$config['h_connection_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 246 |                         </label>
 247 |                    </div> 
 248 |                 </dl>
 249 |             </div>
 250 |             
 251 | 			
 252 |             
 253 |           <!-- vary acept-encoding -->
 254 |             <div class="boxed-group">
 255 |                 <dl class="rex-form-group form-group">
 256 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_vary'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="Vary: Accept-Encoding" data-content="#datacontent-vary"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 257 |                     <dd>
 258 |                         <div class="checkbox toggle">
 259 |                         <label for="h_vary">
 260 |                             <input name="h_vary" type="checkbox" id="h_vary"  value="checked" <?php echo @$config['h_vary']; ?> /> <?php echo $this->i18n('a1656_bas_active'); ?>
 261 |                         </label>
 262 |                         </div>
 263 |                     </dd>
 264 |                     
 265 |                    
 266 |                    <div class="checkbox toggle includebackend">
 267 |                         <label for="h_vary_be">
 268 |                             <input name="h_vary_be" type="checkbox" id="h_vary_be"  value="checked" <?php echo @$config['h_vary_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 269 |                         </label>
 270 |                    </div> 
 271 |                 </dl>
 272 |             </div>
 273 |             
 274 |             
 275 | 
 276 |             <dl class="rex-form-group form-group"><dt></dt></dl>
 277 |             
 278 | 			<legend><?php echo $this->i18n('a1656_subheader_basic2'); ?></legend>
 279 |             
 280 | 			
 281 |             <!-- remove server -->
 282 |             <div class="boxed-group">
 283 |                 <dl class="rex-form-group form-group">
 284 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_server'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="Serverkennung" data-content="#datacontent-server"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 285 |                     <dd>
 286 |                         <div class="checkbox toggle">
 287 |                         <label for="h_server">
 288 |                             <input name="h_server" type="checkbox" id="h_server"  value="checked" <?php echo @$config['h_server']; ?> /> <?php echo $this->i18n('a1656_bas_remove'); ?>
 289 |                         </label>
 290 |                         </div>
 291 |                     </dd>
 292 |                     
 293 |                    
 294 |                    <div class="checkbox toggle includebackend">
 295 |                         <label for="h_server_be">
 296 |                             <input name="h_server_be" type="checkbox" id="h_server_be"  value="checked" <?php echo @$config['h_server_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 297 |                         </label>
 298 |                    </div> 
 299 |                 </dl>
 300 |             </div>
 301 |             
 302 |             
 303 | 			
 304 |           <!-- remove x-powered-by -->
 305 |             <div class="boxed-group">
 306 |                 <dl class="rex-form-group form-group">
 307 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_poweredby'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="X-Powered-By" data-content="#datacontent-xpowered"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 308 |                     <dd>
 309 |                         <div class="checkbox toggle">
 310 |                         <label for="h_poweredby">
 311 |                             <input name="h_poweredby" type="checkbox" id="h_poweredby"  value="checked" <?php echo @$config['h_poweredby']; ?> /> <?php echo $this->i18n('a1656_bas_remove'); ?>
 312 |                         </label>
 313 |                         </div>
 314 |                     </dd>
 315 |                     
 316 |                    
 317 |                    <div class="checkbox toggle includebackend">
 318 |                         <label for="h_poweredby_be">
 319 |                             <input name="h_poweredby_be" type="checkbox" id="h_poweredby_be"  value="checked" <?php echo @$config['h_poweredby_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 320 |                         </label>
 321 |                    </div> 
 322 |                 </dl>
 323 |             </div>
 324 |             
 325 | 			
 326 |             <!-- X-Content-Type-Options -->
 327 |             <div class="boxed-group">
 328 |                 <dl class="rex-form-group form-group">
 329 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_contenttype'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="X-Content-Type-Options" data-content="#datacontent-xcontent"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 330 |                     <dd>
 331 |                         <div class="checkbox toggle">
 332 |                         <label for="h_contenttype">
 333 |                             <input name="h_contenttype" type="checkbox" id="h_contenttype"  value="checked" <?php echo @$config['h_contenttype']; ?> /> <?php echo $this->i18n('a1656_bas_active'); ?>
 334 |                         </label>
 335 |                         </div>
 336 |                     </dd>
 337 |                     
 338 |                    
 339 |                    <div class="checkbox toggle includebackend">
 340 |                         <label for="h_contenttype_be">
 341 |                             <input name="h_contenttype_be" type="checkbox" id="h_contenttype_be"  value="checked" <?php echo @$config['h_contenttype_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 342 |                         </label>
 343 |                    </div> 
 344 |                 </dl>
 345 | 			</div>
 346 |             
 347 |             
 348 | 			
 349 |           <!-- X-Frame-Options -->
 350 |             <div class="boxed-group">
 351 |                 <dl class="rex-form-group form-group">
 352 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_frame'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="X-Frame-Options" data-content="#datacontent-xframe"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 353 |                     <dd>
 354 |                         <div class="checkbox toggle">
 355 |                         <label for="h_frame">
 356 |                             <input name="h_frame" type="checkbox" id="h_frame"  value="checked" <?php echo @$config['h_frame']; ?> data-opener="#h_frame_option" /> <?php echo $this->i18n('a1656_bas_active'); ?>
 357 |                         </label>
 358 |                         </div>
 359 |                     </dd>
 360 |                 </dl>
 361 |  
 362 |  				<div class="hiddencontent <?php echo @$config['h_frame']; ?>" id="h_frame_option">
 363 | 				<dl class="rex-form-group form-group">
 364 | 					<dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_property'); ?></label></dt>
 365 |                     <dd>                        
 366 |                         <select size="1" name="h_frame_option" class="form-control" id="h_frame_option">
 367 |                             <?php
 368 |                             $arr = array('DENY', 'SAMEORIGIN');
 369 |                             
 370 |                             foreach ($arr as $val):
 371 |                                 $sel = ($config['h_frame_option'] == $val) ? 'selected' : '';
 372 |                                 echo '<option value="'.$val.'" '.$sel.'>'.$val.'</option>';
 373 |                             endforeach;
 374 |                             ?>
 375 |                         </select>                    
 376 |                     </dd>
 377 |                 </dl>
 378 |                 </div>
 379 |                
 380 |                 
 381 |                 <div class="checkbox toggle includebackend">
 382 |                     <label for="h_frame_be">
 383 |                         <input name="h_frame_be" type="checkbox" id="h_frame_be"  value="checked" <?php echo @$config['h_frame_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 384 |                     </label>
 385 |                 </div> 
 386 |             </div>
 387 |             
 388 |             
 389 | 			
 390 |           <!-- X-XSS-Protection -->
 391 |             <div class="boxed-group">
 392 |                 <dl class="rex-form-group form-group">
 393 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_xss'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="X-XSS-Protection" data-content="#datacontent-xxss"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 394 |                     <dd>
 395 |                         <div class="checkbox toggle">
 396 |                         <label for="h_xss">
 397 |                             <input name="h_xss" type="checkbox" id="h_xss"  value="checked" <?php echo @$config['h_xss']; ?> data-opener="#h_xss_block" /> <?php echo $this->i18n('a1656_bas_active'); ?>
 398 |                         </label>
 399 |                         </div>
 400 |                     </dd>
 401 |                 </dl>
 402 |  
 403 |  				<div class="hiddencontent <?php echo @$config['h_xss']; ?>" id="h_xss_block">
 404 |                 <dl class="rex-form-group form-group">
 405 |                     <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_xss_block'); ?></label></dt>
 406 |                     <dd>
 407 |                         <div class="checkbox toggle">
 408 |                         <label for="h_xss_block">
 409 |                             <input name="h_xss_block" type="checkbox" id="h_xss_block"  value="checked" <?php echo @$config['h_xss_block']; ?> /> <?php echo $this->i18n('a1656_bas_active'); ?>
 410 |                         </label>
 411 |                         </div>
 412 |                     </dd>
 413 |                 </dl>
 414 |                 </div>
 415 |                
 416 |                 
 417 |                 <div class="checkbox toggle includebackend">
 418 |                     <label for="h_xss_be">
 419 |                         <input name="h_xss_be" type="checkbox" id="h_xss_be"  value="checked" <?php echo @$config['h_xss_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 420 |                     </label>
 421 |                 </div> 
 422 |             </div>
 423 |             
 424 |             
 425 | 			
 426 |           <!-- Referrer-Policy -->
 427 |             <div class="boxed-group">
 428 |                 <dl class="rex-form-group form-group">
 429 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_referer'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="Referrer-Policy" data-content="#datacontent-referer"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 430 |                     <dd>
 431 |                         <div class="checkbox toggle">
 432 |                         <label for="h_referer">
 433 |                             <input name="h_referer" type="checkbox" id="h_referer"  value="checked" <?php echo @$config['h_referer']; ?> data-opener="#h_referer_option" /> <?php echo $this->i18n('a1656_bas_active'); ?>
 434 |                         </label>
 435 |                         </div>
 436 |                     </dd>
 437 |                 </dl>
 438 |  
 439 |  				<div class="hiddencontent <?php echo @$config['h_referer']; ?>" id="h_referer_option">
 440 | 				<dl class="rex-form-group form-group">
 441 | 					<dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_property'); ?></label></dt>
 442 |                     <dd>                        
 443 |                         <select size="1" name="h_referer_option" class="form-control" id="h_referer_option">
 444 |                             <?php
 445 |                             $arr = array('no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin', 'unsafe-url');
 446 |                             
 447 |                             foreach ($arr as $val):
 448 |                                 $sel = ($config['h_referer_option'] == $val) ? 'selected' : '';
 449 |                                 echo '<option value="'.$val.'" '.$sel.'>'.$val.'</option>';
 450 |                             endforeach;
 451 |                             ?>
 452 |                         </select>                    
 453 |                     </dd>
 454 |                 </dl>
 455 |                 </div>
 456 |                
 457 |                 
 458 |                 <div class="checkbox toggle includebackend">
 459 |                     <label for="h_referer_be">
 460 |                         <input name="h_referer_be" type="checkbox" id="h_referer_be"  value="checked" <?php echo @$config['h_referer_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 461 |                     </label>
 462 |                 </div> 
 463 |             </div>
 464 |             
 465 | 
 466 | 			
 467 |           <!-- Strict-Transport-Security -->
 468 |             <div class="boxed-group hh-risk">
 469 |                 <dl class="rex-form-group form-group">
 470 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_transport'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="Strict-Transport-Security" data-content="#datacontent-trans"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 471 |                     <dd>
 472 |                         <div class="checkbox toggle">
 473 |                         <label for="h_transport">
 474 |                             <input name="h_transport" type="checkbox" id="h_transport"  value="checked" <?php echo @$config['h_transport']; ?> data-opener="#h_transport_option" /> <?php echo $this->i18n('a1656_bas_active'); ?>
 475 |                         </label>
 476 |                         </div>
 477 |                     </dd>
 478 |                 </dl>
 479 |  
 480 |  				<div class="hiddencontent <?php echo @$config['h_transport']; ?>" id="h_transport_option">
 481 | 				<dl class="rex-form-group form-group">
 482 | 					<dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_transport_maxage'); ?></label></dt>
 483 |                     <dd>                        
 484 | 						<input type="text" size="25" name="h_transport_maxage" id="h_transport_maxage" value="<?php echo @$config['h_transport_maxage']; ?>" maxlength="15" class="form-control" />
 485 |                     </dd>
 486 |                 </dl>
 487 |                 
 488 |                 <dl class="rex-form-group form-group">
 489 |                     <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_transport_subdomains'); ?></label></dt>
 490 |                     <dd>
 491 |                         <div class="checkbox toggle">
 492 |                         <label for="h_transport_subdomains">
 493 |                             <input name="h_transport_subdomains" type="checkbox" id="h_transport_subdomains"  value="checked" <?php echo @$config['h_transport_subdomains']; ?> /> <?php echo $this->i18n('a1656_bas_active'); ?>
 494 |                         </label>
 495 |                         </div>
 496 |                     </dd>
 497 |                 </dl>                
 498 |                 </div>
 499 |                
 500 |                 
 501 |                 <div class="checkbox toggle includebackend">
 502 |                     <label for="h_transport_be">
 503 |                         <input name="h_transport_be" type="checkbox" id="h_transport_be"  value="checked" <?php echo @$config['h_transport_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
 504 |                     </label>
 505 |                 </div> 
 506 |             </div>
 507 | 
 508 | 
 509 | 			
 510 |             <!-- Content-Security-Policy -->
 511 |             <div class="boxed-group hh-highrisk">
 512 |                 <dl class="rex-form-group form-group">
 513 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_csp'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="Content-Security-Policy" data-content="#datacontent-csp"><i class="rex-icon fa-question-circle"></i></a></label></dt>
 514 |                     <dd>
 515 |                         <div class="checkbox toggle">
 516 |                         <label for="h_csp">
 517 |                             <input name="h_csp" type="checkbox" id="h_csp"  value="checked" <?php echo @$config['h_csp']; ?> data-opener="#h_csp_option" /> <?php echo $this->i18n('a1656_bas_active'); ?>
 518 |                         </label>
 519 |                         </div>
 520 |                     </dd>
 521 |                 </dl>
 522 |  
 523 |  				<div class="hiddencontent <?php echo @$config['h_csp']; ?>" id="h_csp_option">
 524 |                 <dl class="rex-form-group form-group">
 525 |                     <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_csp_noeditor'); ?></label></dt>
 526 |                     <dd>
 527 |                         <div class="checkbox toggle">
 528 |                         <label for="h_csp_noeditor">
 529 |                             <input name="h_csp_noeditor" type="checkbox" id="h_csp_noeditor"  value="checked" <?php echo @$config['h_csp_noeditor']; ?> /> <?php echo $this->i18n('a1656_yes'); ?>
 530 |                         </label>
 531 |                         </div>
 532 |                     </dd>
 533 |                 </dl>
 534 |                 
 535 |                 
 536 |                 <dl class="rex-form-group form-group"><dt>&nbsp;</dt></dl>
 537 |                 
 538 |                 
 539 |                 <div class="hiddencontent <?php echo @$config['h_csp_noeditor']; ?>" id="h_csp_option_noeditor">
 540 |                 	<!-- CSP-Eingabefeld -->
 541 |                     <dl class="rex-form-group form-group">
 542 |                         <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_csp_definition'); ?></label></dt>
 543 |                         <dd>
 544 |                             <input type="text" size="25" name="h_csp_definition" id="h_csp_definition" value="<?php echo @$config['h_csp_definition']; ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_definition_example')); ?>" />
 545 |                         </dd>
 546 |                     </dl>
 547 | 				</div>
 548 |                 
 549 |                 
 550 |                 <div class="hiddencontent <?php echo (@$config['h_csp_noeditor'] != 'checked') ? 'checked' : ''; ?>" id="h_csp_option_editor">
 551 |                 	<!-- CSP-Editorfelder -->
 552 |                     <dl class="rex-form-group form-group">
 553 |                         <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_csp_editor'); ?></label></dt>
 554 |                         <dd>      
 555 |                                           
 556 |                             <!-- default-src -->
 557 |                             <div class="cspblock">
 558 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_default'); ?></label>
 559 |                             
 560 |                                 <ul>
 561 |                                     <li>
 562 |                                         <div class="checkbox toggle">
 563 |                                         <label for="h_csp_default_https">
 564 |                                             <input name="h_csp_default_https" type="checkbox" id="h_csp_default_https"  value="checked" <?php echo @$config['h_csp_default_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
 565 |                                         </label>
 566 |                                         </div>
 567 |                                     </li> 
 568 |                                     <li>
 569 |                                         <div class="checkbox toggle">
 570 |                                         <label for="h_csp_default_data">
 571 |                                             <input name="h_csp_default_data" type="checkbox" id="h_csp_default_data"  value="checked" <?php echo @$config['h_csp_default_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
 572 |                                         </label>
 573 |                                         </div>
 574 |                                     </li> 
 575 |                                     <li>
 576 |                                         <div class="checkbox toggle">
 577 |                                         <label for="h_csp_default_blob">
 578 |                                             <input name="h_csp_default_blob" type="checkbox" id="h_csp_default_blob"  value="checked" <?php echo @$config['h_csp_default_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
 579 |                                         </label>
 580 |                                         </div>
 581 |                                     </li> 
 582 |                                     <li>
 583 |                                         <div class="checkbox toggle">
 584 |                                         <label for="h_csp_default_self">
 585 |                                             <input name="h_csp_default_self" type="checkbox" id="h_csp_default_self"  value="checked" <?php echo @$config['h_csp_default_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
 586 |                                         </label>
 587 |                                         </div>
 588 |                                     </li> 
 589 |                                     <li>
 590 |                                         <div class="checkbox toggle">
 591 |                                         <label for="h_csp_default_inline">
 592 |                                             <input name="h_csp_default_inline" type="checkbox" id="h_csp_default_inline"  value="checked" <?php echo @$config['h_csp_default_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
 593 |                                         </label>
 594 |                                         </div>
 595 |                                     </li> 
 596 |                                     <li>
 597 |                                         <div class="checkbox toggle">
 598 |                                         <label for="h_csp_default_eval">
 599 |                                             <input name="h_csp_default_eval" type="checkbox" id="h_csp_default_eval"  value="checked" <?php echo @$config['h_csp_default_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
 600 |                                         </label>
 601 |                                         </div>
 602 |                                     </li> 
 603 |                                     <li>
 604 |                                         <div class="checkbox toggle">
 605 |                                         <label for="h_csp_default_hashes">
 606 |                                             <input name="h_csp_default_hashes" type="checkbox" id="h_csp_default_hashes"  value="checked" <?php echo @$config['h_csp_default_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
 607 |                                         </label>
 608 |                                         </div>
 609 |                                     </li> 
 610 |                                     <li>
 611 |                                         <div class="checkbox toggle">
 612 |                                         <label for="h_csp_default_none">
 613 |                                             <input name="h_csp_default_none" type="checkbox" id="h_csp_default_none"  value="checked" <?php echo @$config['h_csp_default_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
 614 |                                         </label>
 615 |                                         </div>
 616 |                                     </li>
 617 | 									
 618 |                                     <li>
 619 | 										<br />
 620 | 										<input type="text" size="25" name="h_csp_default_url" id="h_csp_default_url" value="<?php echo aFM_maskChar(@$config['h_csp_default_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
 621 |                                     </li>
 622 |                                 </ul>
 623 |                             </div>
 624 |                             
 625 |                             
 626 |                             <!-- img-src -->
 627 |                             <div class="cspblock">
 628 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_img'); ?></label>
 629 |                             
 630 |                                 <ul>
 631 |                                     <li>
 632 |                                         <div class="checkbox toggle">
 633 |                                         <label for="h_csp_img_https">
 634 |                                             <input name="h_csp_img_https" type="checkbox" id="h_csp_img_https"  value="checked" <?php echo @$config['h_csp_img_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
 635 |                                         </label>
 636 |                                         </div>
 637 |                                     </li> 
 638 |                                     <li>
 639 |                                         <div class="checkbox toggle">
 640 |                                         <label for="h_csp_img_data">
 641 |                                             <input name="h_csp_img_data" type="checkbox" id="h_csp_img_data"  value="checked" <?php echo @$config['h_csp_img_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
 642 |                                         </label>
 643 |                                         </div>
 644 |                                     </li> 
 645 |                                     <li>
 646 |                                         <div class="checkbox toggle">
 647 |                                         <label for="h_csp_img_blob">
 648 |                                             <input name="h_csp_img_blob" type="checkbox" id="h_csp_img_blob"  value="checked" <?php echo @$config['h_csp_img_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
 649 |                                         </label>
 650 |                                         </div>
 651 |                                     </li> 
 652 |                                     <li>
 653 |                                         <div class="checkbox toggle">
 654 |                                         <label for="h_csp_img_self">
 655 |                                             <input name="h_csp_img_self" type="checkbox" id="h_csp_img_self"  value="checked" <?php echo @$config['h_csp_img_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
 656 |                                         </label>
 657 |                                         </div>
 658 |                                     </li> 
 659 |                                     <li>
 660 |                                         <div class="checkbox toggle">
 661 |                                         <label for="h_csp_img_inline">
 662 |                                             <input name="h_csp_img_inline" type="checkbox" id="h_csp_img_inline"  value="checked" <?php echo @$config['h_csp_img_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
 663 |                                         </label>
 664 |                                         </div>
 665 |                                     </li> 
 666 |                                     <li>
 667 |                                         <div class="checkbox toggle">
 668 |                                         <label for="h_csp_img_eval">
 669 |                                             <input name="h_csp_img_eval" type="checkbox" id="h_csp_img_eval"  value="checked" <?php echo @$config['h_csp_img_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
 670 |                                         </label>
 671 |                                         </div>
 672 |                                     </li> 
 673 |                                     <li>
 674 |                                         <div class="checkbox toggle">
 675 |                                         <label for="h_csp_img_hashes">
 676 |                                             <input name="h_csp_img_hashes" type="checkbox" id="h_csp_img_hashes"  value="checked" <?php echo @$config['h_csp_img_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
 677 |                                         </label>
 678 |                                         </div>
 679 |                                     </li> 
 680 |                                     <li>
 681 |                                         <div class="checkbox toggle">
 682 |                                         <label for="h_csp_img_none">
 683 |                                             <input name="h_csp_img_none" type="checkbox" id="h_csp_img_none"  value="checked" <?php echo @$config['h_csp_img_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
 684 |                                         </label>
 685 |                                         </div>
 686 |                                     </li>
 687 | 									
 688 |                                     <li>
 689 | 										<br />
 690 | 										<input type="text" size="25" name="h_csp_img_url" id="h_csp_img_url" value="<?php echo aFM_maskChar(@$config['h_csp_img_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
 691 |                                     </li>
 692 |                                 </ul>
 693 |                             </div>
 694 |                             
 695 |                             
 696 |                             <!-- media-src -->
 697 |                             <div class="cspblock">
 698 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_media'); ?></label>
 699 |                             
 700 |                                 <ul>
 701 |                                     <li>
 702 |                                         <div class="checkbox toggle">
 703 |                                         <label for="h_csp_media_https">
 704 |                                             <input name="h_csp_media_https" type="checkbox" id="h_csp_media_https"  value="checked" <?php echo @$config['h_csp_media_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
 705 |                                         </label>
 706 |                                         </div>
 707 |                                     </li> 
 708 |                                     <li>
 709 |                                         <div class="checkbox toggle">
 710 |                                         <label for="h_csp_media_data">
 711 |                                             <input name="h_csp_media_data" type="checkbox" id="h_csp_media_data"  value="checked" <?php echo @$config['h_csp_media_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
 712 |                                         </label>
 713 |                                         </div>
 714 |                                     </li> 
 715 |                                     <li>
 716 |                                         <div class="checkbox toggle">
 717 |                                         <label for="h_csp_media_blob">
 718 |                                             <input name="h_csp_media_blob" type="checkbox" id="h_csp_media_blob"  value="checked" <?php echo @$config['h_csp_media_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
 719 |                                         </label>
 720 |                                         </div>
 721 |                                     </li> 
 722 |                                     <li>
 723 |                                         <div class="checkbox toggle">
 724 |                                         <label for="h_csp_media_self">
 725 |                                             <input name="h_csp_media_self" type="checkbox" id="h_csp_media_self"  value="checked" <?php echo @$config['h_csp_media_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
 726 |                                         </label>
 727 |                                         </div>
 728 |                                     </li> 
 729 |                                     <li>
 730 |                                         <div class="checkbox toggle">
 731 |                                         <label for="h_csp_media_inline">
 732 |                                             <input name="h_csp_media_inline" type="checkbox" id="h_csp_media_inline"  value="checked" <?php echo @$config['h_csp_media_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
 733 |                                         </label>
 734 |                                         </div>
 735 |                                     </li> 
 736 |                                     <li>
 737 |                                         <div class="checkbox toggle">
 738 |                                         <label for="h_csp_media_eval">
 739 |                                             <input name="h_csp_media_eval" type="checkbox" id="h_csp_media_eval"  value="checked" <?php echo @$config['h_csp_media_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
 740 |                                         </label>
 741 |                                         </div>
 742 |                                     </li> 
 743 |                                     <li>
 744 |                                         <div class="checkbox toggle">
 745 |                                         <label for="h_csp_media_hashes">
 746 |                                             <input name="h_csp_media_hashes" type="checkbox" id="h_csp_media_hashes"  value="checked" <?php echo @$config['h_csp_media_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
 747 |                                         </label>
 748 |                                         </div>
 749 |                                     </li> 
 750 |                                     <li>
 751 |                                         <div class="checkbox toggle">
 752 |                                         <label for="h_csp_media_none">
 753 |                                             <input name="h_csp_media_none" type="checkbox" id="h_csp_media_none"  value="checked" <?php echo @$config['h_csp_media_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
 754 |                                         </label>
 755 |                                         </div>
 756 |                                     </li>
 757 | 									
 758 |                                     <li>
 759 | 										<br />
 760 | 										<input type="text" size="25" name="h_csp_media_url" id="h_csp_media_url" value="<?php echo aFM_maskChar(@$config['h_csp_media_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
 761 |                                     </li>
 762 |                                 </ul>
 763 |                             </div>
 764 |                     
 765 |                             
 766 |                             <!-- font-src -->
 767 |                             <div class="cspblock">
 768 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_font'); ?></label>
 769 |                             
 770 |                                 <ul>
 771 |                                     <li>
 772 |                                         <div class="checkbox toggle">
 773 |                                         <label for="h_csp_font_https">
 774 |                                             <input name="h_csp_font_https" type="checkbox" id="h_csp_font_https"  value="checked" <?php echo @$config['h_csp_font_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
 775 |                                         </label>
 776 |                                         </div>
 777 |                                     </li> 
 778 |                                     <li>
 779 |                                         <div class="checkbox toggle">
 780 |                                         <label for="h_csp_font_data">
 781 |                                             <input name="h_csp_font_data" type="checkbox" id="h_csp_font_data"  value="checked" <?php echo @$config['h_csp_font_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
 782 |                                         </label>
 783 |                                         </div>
 784 |                                     </li> 
 785 |                                     <li>
 786 |                                         <div class="checkbox toggle">
 787 |                                         <label for="h_csp_font_blob">
 788 |                                             <input name="h_csp_font_blob" type="checkbox" id="h_csp_font_blob"  value="checked" <?php echo @$config['h_csp_font_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
 789 |                                         </label>
 790 |                                         </div>
 791 |                                     </li> 
 792 |                                     <li>
 793 |                                         <div class="checkbox toggle">
 794 |                                         <label for="h_csp_font_self">
 795 |                                             <input name="h_csp_font_self" type="checkbox" id="h_csp_font_self"  value="checked" <?php echo @$config['h_csp_font_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
 796 |                                         </label>
 797 |                                         </div>
 798 |                                     </li> 
 799 |                                     <li>
 800 |                                         <div class="checkbox toggle">
 801 |                                         <label for="h_csp_font_inline">
 802 |                                             <input name="h_csp_font_inline" type="checkbox" id="h_csp_font_inline"  value="checked" <?php echo @$config['h_csp_font_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
 803 |                                         </label>
 804 |                                         </div>
 805 |                                     </li> 
 806 |                                     <li>
 807 |                                         <div class="checkbox toggle">
 808 |                                         <label for="h_csp_font_eval">
 809 |                                             <input name="h_csp_font_eval" type="checkbox" id="h_csp_font_eval"  value="checked" <?php echo @$config['h_csp_font_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
 810 |                                         </label>
 811 |                                         </div>
 812 |                                     </li> 
 813 |                                     <li>
 814 |                                         <div class="checkbox toggle">
 815 |                                         <label for="h_csp_font_hashes">
 816 |                                             <input name="h_csp_font_hashes" type="checkbox" id="h_csp_font_hashes"  value="checked" <?php echo @$config['h_csp_font_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
 817 |                                         </label>
 818 |                                         </div>
 819 |                                     </li> 
 820 |                                     <li>
 821 |                                         <div class="checkbox toggle">
 822 |                                         <label for="h_csp_font_none">
 823 |                                             <input name="h_csp_font_none" type="checkbox" id="h_csp_font_none"  value="checked" <?php echo @$config['h_csp_font_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
 824 |                                         </label>
 825 |                                         </div>
 826 |                                     </li>
 827 | 									
 828 |                                     <li>
 829 | 										<br />
 830 | 										<input type="text" size="25" name="h_csp_font_url" id="h_csp_font_url" value="<?php echo aFM_maskChar(@$config['h_csp_font_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
 831 |                                     </li>
 832 |                                 </ul>
 833 |                             </div>
 834 |                     
 835 |                             
 836 |                             <!-- script-src -->
 837 |                             <div class="cspblock">
 838 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_script'); ?></label>
 839 |                             
 840 |                                 <ul>
 841 |                                     <li>
 842 |                                         <div class="checkbox toggle">
 843 |                                         <label for="h_csp_script_https">
 844 |                                             <input name="h_csp_script_https" type="checkbox" id="h_csp_script_https"  value="checked" <?php echo @$config['h_csp_script_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
 845 |                                         </label>
 846 |                                         </div>
 847 |                                     </li> 
 848 |                                     <li>
 849 |                                         <div class="checkbox toggle">
 850 |                                         <label for="h_csp_script_data">
 851 |                                             <input name="h_csp_script_data" type="checkbox" id="h_csp_script_data"  value="checked" <?php echo @$config['h_csp_script_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
 852 |                                         </label>
 853 |                                         </div>
 854 |                                     </li> 
 855 |                                     <li>
 856 |                                         <div class="checkbox toggle">
 857 |                                         <label for="h_csp_script_blob">
 858 |                                             <input name="h_csp_script_blob" type="checkbox" id="h_csp_script_blob"  value="checked" <?php echo @$config['h_csp_script_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
 859 |                                         </label>
 860 |                                         </div>
 861 |                                     </li> 
 862 |                                     <li>
 863 |                                         <div class="checkbox toggle">
 864 |                                         <label for="h_csp_script_self">
 865 |                                             <input name="h_csp_script_self" type="checkbox" id="h_csp_script_self"  value="checked" <?php echo @$config['h_csp_script_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
 866 |                                         </label>
 867 |                                         </div>
 868 |                                     </li> 
 869 |                                     <li>
 870 |                                         <div class="checkbox toggle">
 871 |                                         <label for="h_csp_script_inline">
 872 |                                             <input name="h_csp_script_inline" type="checkbox" id="h_csp_script_inline"  value="checked" <?php echo @$config['h_csp_script_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
 873 |                                         </label>
 874 |                                         </div>
 875 |                                     </li> 
 876 |                                     <li>
 877 |                                         <div class="checkbox toggle">
 878 |                                         <label for="h_csp_script_eval">
 879 |                                             <input name="h_csp_script_eval" type="checkbox" id="h_csp_script_eval"  value="checked" <?php echo @$config['h_csp_script_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
 880 |                                         </label>
 881 |                                         </div>
 882 |                                     </li> 
 883 |                                     <li>
 884 |                                         <div class="checkbox toggle">
 885 |                                         <label for="h_csp_script_hashes">
 886 |                                             <input name="h_csp_script_hashes" type="checkbox" id="h_csp_script_hashes"  value="checked" <?php echo @$config['h_csp_script_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
 887 |                                         </label>
 888 |                                         </div>
 889 |                                     </li> 
 890 |                                     <li>
 891 |                                         <div class="checkbox toggle">
 892 |                                         <label for="h_csp_script_none">
 893 |                                             <input name="h_csp_script_none" type="checkbox" id="h_csp_script_none"  value="checked" <?php echo @$config['h_csp_script_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
 894 |                                         </label>
 895 |                                         </div>
 896 |                                     </li>
 897 | 									
 898 |                                     <li>
 899 | 										<br />
 900 | 										<input type="text" size="25" name="h_csp_script_url" id="h_csp_script_url" value="<?php echo aFM_maskChar(@$config['h_csp_script_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
 901 |                                     </li>
 902 |                                 </ul>
 903 |                             </div>
 904 |                     
 905 |                             
 906 |                             <!-- style-src -->
 907 |                             <div class="cspblock">
 908 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_style'); ?></label>
 909 |                             
 910 |                                 <ul>
 911 |                                     <li>
 912 |                                         <div class="checkbox toggle">
 913 |                                         <label for="h_csp_style_https">
 914 |                                             <input name="h_csp_style_https" type="checkbox" id="h_csp_style_https"  value="checked" <?php echo @$config['h_csp_style_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
 915 |                                         </label>
 916 |                                         </div>
 917 |                                     </li> 
 918 |                                     <li>
 919 |                                         <div class="checkbox toggle">
 920 |                                         <label for="h_csp_style_data">
 921 |                                             <input name="h_csp_style_data" type="checkbox" id="h_csp_style_data"  value="checked" <?php echo @$config['h_csp_style_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
 922 |                                         </label>
 923 |                                         </div>
 924 |                                     </li> 
 925 |                                     <li>
 926 |                                         <div class="checkbox toggle">
 927 |                                         <label for="h_csp_style_blob">
 928 |                                             <input name="h_csp_style_blob" type="checkbox" id="h_csp_style_blob"  value="checked" <?php echo @$config['h_csp_style_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
 929 |                                         </label>
 930 |                                         </div>
 931 |                                     </li> 
 932 |                                     <li>
 933 |                                         <div class="checkbox toggle">
 934 |                                         <label for="h_csp_style_self">
 935 |                                             <input name="h_csp_style_self" type="checkbox" id="h_csp_style_self"  value="checked" <?php echo @$config['h_csp_style_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
 936 |                                         </label>
 937 |                                         </div>
 938 |                                     </li> 
 939 |                                     <li>
 940 |                                         <div class="checkbox toggle">
 941 |                                         <label for="h_csp_style_inline">
 942 |                                             <input name="h_csp_style_inline" type="checkbox" id="h_csp_style_inline"  value="checked" <?php echo @$config['h_csp_style_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
 943 |                                         </label>
 944 |                                         </div>
 945 |                                     </li> 
 946 |                                     <li>
 947 |                                         <div class="checkbox toggle">
 948 |                                         <label for="h_csp_style_eval">
 949 |                                             <input name="h_csp_style_eval" type="checkbox" id="h_csp_style_eval"  value="checked" <?php echo @$config['h_csp_style_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
 950 |                                         </label>
 951 |                                         </div>
 952 |                                     </li> 
 953 |                                     <li>
 954 |                                         <div class="checkbox toggle">
 955 |                                         <label for="h_csp_style_hashes">
 956 |                                             <input name="h_csp_style_hashes" type="checkbox" id="h_csp_style_hashes"  value="checked" <?php echo @$config['h_csp_style_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
 957 |                                         </label>
 958 |                                         </div>
 959 |                                     </li> 
 960 |                                     <li>
 961 |                                         <div class="checkbox toggle">
 962 |                                         <label for="h_csp_style_none">
 963 |                                             <input name="h_csp_style_none" type="checkbox" id="h_csp_style_none"  value="checked" <?php echo @$config['h_csp_style_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
 964 |                                         </label>
 965 |                                         </div>
 966 |                                     </li>
 967 | 									
 968 |                                     <li>
 969 | 										<br />
 970 | 										<input type="text" size="25" name="h_csp_style_url" id="h_csp_style_url" value="<?php echo aFM_maskChar(@$config['h_csp_style_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
 971 |                                     </li>
 972 |                                 </ul>
 973 |                             </div>
 974 |                     
 975 |                             
 976 |                             <!-- object-src -->
 977 |                             <div class="cspblock">
 978 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_object'); ?></label>
 979 |                             
 980 |                                 <ul>
 981 |                                     <li>
 982 |                                         <div class="checkbox toggle">
 983 |                                         <label for="h_csp_object_https">
 984 |                                             <input name="h_csp_object_https" type="checkbox" id="h_csp_object_https"  value="checked" <?php echo @$config['h_csp_object_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
 985 |                                         </label>
 986 |                                         </div>
 987 |                                     </li> 
 988 |                                     <li>
 989 |                                         <div class="checkbox toggle">
 990 |                                         <label for="h_csp_object_data">
 991 |                                             <input name="h_csp_object_data" type="checkbox" id="h_csp_object_data"  value="checked" <?php echo @$config['h_csp_object_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
 992 |                                         </label>
 993 |                                         </div>
 994 |                                     </li> 
 995 |                                     <li>
 996 |                                         <div class="checkbox toggle">
 997 |                                         <label for="h_csp_object_blob">
 998 |                                             <input name="h_csp_object_blob" type="checkbox" id="h_csp_object_blob"  value="checked" <?php echo @$config['h_csp_object_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
 999 |                                         </label>
1000 |                                         </div>
1001 |                                     </li> 
1002 |                                     <li>
1003 |                                         <div class="checkbox toggle">
1004 |                                         <label for="h_csp_object_self">
1005 |                                             <input name="h_csp_object_self" type="checkbox" id="h_csp_object_self"  value="checked" <?php echo @$config['h_csp_object_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1006 |                                         </label>
1007 |                                         </div>
1008 |                                     </li> 
1009 |                                     <li>
1010 |                                         <div class="checkbox toggle">
1011 |                                         <label for="h_csp_object_inline">
1012 |                                             <input name="h_csp_object_inline" type="checkbox" id="h_csp_object_inline"  value="checked" <?php echo @$config['h_csp_object_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
1013 |                                         </label>
1014 |                                         </div>
1015 |                                     </li> 
1016 |                                     <li>
1017 |                                         <div class="checkbox toggle">
1018 |                                         <label for="h_csp_object_eval">
1019 |                                             <input name="h_csp_object_eval" type="checkbox" id="h_csp_object_eval"  value="checked" <?php echo @$config['h_csp_object_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
1020 |                                         </label>
1021 |                                         </div>
1022 |                                     </li> 
1023 |                                     <li>
1024 |                                         <div class="checkbox toggle">
1025 |                                         <label for="h_csp_object_hashes">
1026 |                                             <input name="h_csp_object_hashes" type="checkbox" id="h_csp_object_hashes"  value="checked" <?php echo @$config['h_csp_object_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
1027 |                                         </label>
1028 |                                         </div>
1029 |                                     </li> 
1030 |                                     <li>
1031 |                                         <div class="checkbox toggle">
1032 |                                         <label for="h_csp_object_none">
1033 |                                             <input name="h_csp_object_none" type="checkbox" id="h_csp_object_none"  value="checked" <?php echo @$config['h_csp_object_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1034 |                                         </label>
1035 |                                         </div>
1036 |                                     </li>
1037 | 									
1038 |                                     <li>
1039 | 										<br />
1040 | 										<input type="text" size="25" name="h_csp_object_url" id="h_csp_object_url" value="<?php echo aFM_maskChar(@$config['h_csp_object_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
1041 |                                     </li>
1042 |                                 </ul>
1043 |                             </div>
1044 |                     
1045 |                             
1046 |                             <!-- form-action -->
1047 |                             <div class="cspblock">
1048 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_form'); ?></label>
1049 |                             
1050 |                                 <ul>
1051 |                                     <li>
1052 |                                         <div class="checkbox toggle">
1053 |                                         <label for="h_csp_form_https">
1054 |                                             <input name="h_csp_form_https" type="checkbox" id="h_csp_form_https"  value="checked" <?php echo @$config['h_csp_form_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
1055 |                                         </label>
1056 |                                         </div>
1057 |                                     </li> 
1058 |                                     <li>
1059 |                                         <div class="checkbox toggle">
1060 |                                         <label for="h_csp_form_data">
1061 |                                             <input name="h_csp_form_data" type="checkbox" id="h_csp_form_data"  value="checked" <?php echo @$config['h_csp_form_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
1062 |                                         </label>
1063 |                                         </div>
1064 |                                     </li> 
1065 |                                     <li>
1066 |                                         <div class="checkbox toggle">
1067 |                                         <label for="h_csp_form_blob">
1068 |                                             <input name="h_csp_form_blob" type="checkbox" id="h_csp_form_blob"  value="checked" <?php echo @$config['h_csp_form_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
1069 |                                         </label>
1070 |                                         </div>
1071 |                                     </li> 
1072 |                                     <li>
1073 |                                         <div class="checkbox toggle">
1074 |                                         <label for="h_csp_form_self">
1075 |                                             <input name="h_csp_form_self" type="checkbox" id="h_csp_form_self"  value="checked" <?php echo @$config['h_csp_form_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1076 |                                         </label>
1077 |                                         </div>
1078 |                                     </li> 
1079 |                                     <li>
1080 |                                         <div class="checkbox toggle">
1081 |                                         <label for="h_csp_form_inline">
1082 |                                             <input name="h_csp_form_inline" type="checkbox" id="h_csp_form_inline"  value="checked" <?php echo @$config['h_csp_form_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
1083 |                                         </label>
1084 |                                         </div>
1085 |                                     </li> 
1086 |                                     <li>
1087 |                                         <div class="checkbox toggle">
1088 |                                         <label for="h_csp_form_eval">
1089 |                                             <input name="h_csp_form_eval" type="checkbox" id="h_csp_form_eval"  value="checked" <?php echo @$config['h_csp_form_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
1090 |                                         </label>
1091 |                                         </div>
1092 |                                     </li> 
1093 |                                     <li>
1094 |                                         <div class="checkbox toggle">
1095 |                                         <label for="h_csp_form_hashes">
1096 |                                             <input name="h_csp_form_hashes" type="checkbox" id="h_csp_form_hashes"  value="checked" <?php echo @$config['h_csp_form_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
1097 |                                         </label>
1098 |                                         </div>
1099 |                                     </li> 
1100 |                                     <li>
1101 |                                         <div class="checkbox toggle">
1102 |                                         <label for="h_csp_form_none">
1103 |                                             <input name="h_csp_form_none" type="checkbox" id="h_csp_form_none"  value="checked" <?php echo @$config['h_csp_form_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1104 |                                         </label>
1105 |                                         </div>
1106 |                                     </li>
1107 | 									
1108 |                                     <li>
1109 | 										<br />
1110 | 										<input type="text" size="25" name="h_csp_form_url" id="h_csp_form_url" value="<?php echo aFM_maskChar(@$config['h_csp_form_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
1111 |                                     </li>
1112 |                                 </ul>
1113 |                             </div>
1114 |                     
1115 |                             
1116 |                             <!-- frame-src -->
1117 |                             <div class="cspblock">
1118 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_frame'); ?></label>
1119 |                             
1120 |                                 <ul>
1121 |                                     <li>
1122 |                                         <div class="checkbox toggle">
1123 |                                         <label for="h_csp_frame_https">
1124 |                                             <input name="h_csp_frame_https" type="checkbox" id="h_csp_frame_https"  value="checked" <?php echo @$config['h_csp_frame_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
1125 |                                         </label>
1126 |                                         </div>
1127 |                                     </li> 
1128 |                                     <li>
1129 |                                         <div class="checkbox toggle">
1130 |                                         <label for="h_csp_frame_data">
1131 |                                             <input name="h_csp_frame_data" type="checkbox" id="h_csp_frame_data"  value="checked" <?php echo @$config['h_csp_frame_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
1132 |                                         </label>
1133 |                                         </div>
1134 |                                     </li> 
1135 |                                     <li>
1136 |                                         <div class="checkbox toggle">
1137 |                                         <label for="h_csp_frame_blob">
1138 |                                             <input name="h_csp_frame_blob" type="checkbox" id="h_csp_frame_blob"  value="checked" <?php echo @$config['h_csp_frame_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
1139 |                                         </label>
1140 |                                         </div>
1141 |                                     </li> 
1142 |                                     <li>
1143 |                                         <div class="checkbox toggle">
1144 |                                         <label for="h_csp_frame_self">
1145 |                                             <input name="h_csp_frame_self" type="checkbox" id="h_csp_frame_self"  value="checked" <?php echo @$config['h_csp_frame_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1146 |                                         </label>
1147 |                                         </div>
1148 |                                     </li> 
1149 |                                     <li>
1150 |                                         <div class="checkbox toggle">
1151 |                                         <label for="h_csp_frame_inline">
1152 |                                             <input name="h_csp_frame_inline" type="checkbox" id="h_csp_frame_inline"  value="checked" <?php echo @$config['h_csp_frame_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
1153 |                                         </label>
1154 |                                         </div>
1155 |                                     </li> 
1156 |                                     <li>
1157 |                                         <div class="checkbox toggle">
1158 |                                         <label for="h_csp_frame_eval">
1159 |                                             <input name="h_csp_frame_eval" type="checkbox" id="h_csp_frame_eval"  value="checked" <?php echo @$config['h_csp_frame_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
1160 |                                         </label>
1161 |                                         </div>
1162 |                                     </li> 
1163 |                                     <li>
1164 |                                         <div class="checkbox toggle">
1165 |                                         <label for="h_csp_frame_hashes">
1166 |                                             <input name="h_csp_frame_hashes" type="checkbox" id="h_csp_frame_hashes"  value="checked" <?php echo @$config['h_csp_frame_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
1167 |                                         </label>
1168 |                                         </div>
1169 |                                     </li> 
1170 |                                     <li>
1171 |                                         <div class="checkbox toggle">
1172 |                                         <label for="h_csp_frame_none">
1173 |                                             <input name="h_csp_frame_none" type="checkbox" id="h_csp_frame_none"  value="checked" <?php echo @$config['h_csp_frame_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1174 |                                         </label>
1175 |                                         </div>
1176 |                                     </li>
1177 | 									
1178 |                                     <li>
1179 | 										<br />
1180 | 										<input type="text" size="25" name="h_csp_frame_url" id="h_csp_frame_url" value="<?php echo aFM_maskChar(@$config['h_csp_frame_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
1181 |                                     </li>
1182 |                                 </ul>
1183 |                             </div>
1184 |                     
1185 |                             
1186 |                             <!-- frame-ancestors -->
1187 |                             <div class="cspblock">
1188 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_frameanc'); ?></label>
1189 |                             
1190 |                                 <ul>
1191 |                                     <li>
1192 |                                         <div class="checkbox toggle">
1193 |                                         <label for="h_csp_frameanc_https">
1194 |                                             <input name="h_csp_frameanc_https" type="checkbox" id="h_csp_frameanc_https"  value="checked" <?php echo @$config['h_csp_frameanc_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
1195 |                                         </label>
1196 |                                         </div>
1197 |                                     </li> 
1198 |                                     <li>
1199 |                                         <div class="checkbox toggle">
1200 |                                         <label for="h_csp_frameanc_data">
1201 |                                             <input name="h_csp_frameanc_data" type="checkbox" id="h_csp_frameanc_data"  value="checked" <?php echo @$config['h_csp_frameanc_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
1202 |                                         </label>
1203 |                                         </div>
1204 |                                     </li> 
1205 |                                     <li>
1206 |                                         <div class="checkbox toggle">
1207 |                                         <label for="h_csp_frameanc_blob">
1208 |                                             <input name="h_csp_frameanc_blob" type="checkbox" id="h_csp_frameanc_blob"  value="checked" <?php echo @$config['h_csp_frameanc_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
1209 |                                         </label>
1210 |                                         </div>
1211 |                                     </li> 
1212 |                                     <li>
1213 |                                         <div class="checkbox toggle">
1214 |                                         <label for="h_csp_frameanc_self">
1215 |                                             <input name="h_csp_frameanc_self" type="checkbox" id="h_csp_frameanc_self"  value="checked" <?php echo @$config['h_csp_frameanc_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1216 |                                         </label>
1217 |                                         </div>
1218 |                                     </li> 
1219 |                                     <li>
1220 |                                         <div class="checkbox toggle">
1221 |                                         <label for="h_csp_frameanc_none">
1222 |                                             <input name="h_csp_frameanc_none" type="checkbox" id="h_csp_frameanc_none"  value="checked" <?php echo @$config['h_csp_frameanc_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1223 |                                         </label>
1224 |                                         </div>
1225 |                                     </li>
1226 | 									
1227 |                                     <li>
1228 | 										<br />
1229 | 										<input type="text" size="25" name="h_csp_frameanc_url" id="h_csp_frameanc_url" value="<?php echo aFM_maskChar(@$config['h_csp_frameanc_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
1230 |                                     </li>
1231 |                                 </ul>
1232 |                             </div>                    
1233 |                     
1234 |                             
1235 |                             <!-- connect-src -->
1236 |                             <div class="cspblock">
1237 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_connect'); ?></label>
1238 |                             
1239 |                                 <ul>
1240 |                                     <li>
1241 |                                         <div class="checkbox toggle">
1242 |                                         <label for="h_csp_connect_https">
1243 |                                             <input name="h_csp_connect_https" type="checkbox" id="h_csp_connect_https"  value="checked" <?php echo @$config['h_csp_connect_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
1244 |                                         </label>
1245 |                                         </div>
1246 |                                     </li> 
1247 |                                     <li>
1248 |                                         <div class="checkbox toggle">
1249 |                                         <label for="h_csp_connect_data">
1250 |                                             <input name="h_csp_connect_data" type="checkbox" id="h_csp_connect_data"  value="checked" <?php echo @$config['h_csp_connect_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
1251 |                                         </label>
1252 |                                         </div>
1253 |                                     </li> 
1254 |                                     <li>
1255 |                                         <div class="checkbox toggle">
1256 |                                         <label for="h_csp_connect_blob">
1257 |                                             <input name="h_csp_connect_blob" type="checkbox" id="h_csp_connect_blob"  value="checked" <?php echo @$config['h_csp_connect_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
1258 |                                         </label>
1259 |                                         </div>
1260 |                                     </li> 
1261 |                                     <li>
1262 |                                         <div class="checkbox toggle">
1263 |                                         <label for="h_csp_connect_self">
1264 |                                             <input name="h_csp_connect_self" type="checkbox" id="h_csp_connect_self"  value="checked" <?php echo @$config['h_csp_connect_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1265 |                                         </label>
1266 |                                         </div>
1267 |                                     </li> 
1268 |                                     <li>
1269 |                                         <div class="checkbox toggle">
1270 |                                         <label for="h_csp_connect_inline">
1271 |                                             <input name="h_csp_connect_inline" type="checkbox" id="h_csp_connect_inline"  value="checked" <?php echo @$config['h_csp_connect_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
1272 |                                         </label>
1273 |                                         </div>
1274 |                                     </li> 
1275 |                                     <li>
1276 |                                         <div class="checkbox toggle">
1277 |                                         <label for="h_csp_connect_eval">
1278 |                                             <input name="h_csp_connect_eval" type="checkbox" id="h_csp_connect_eval"  value="checked" <?php echo @$config['h_csp_connect_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
1279 |                                         </label>
1280 |                                         </div>
1281 |                                     </li> 
1282 |                                     <li>
1283 |                                         <div class="checkbox toggle">
1284 |                                         <label for="h_csp_connect_hashes">
1285 |                                             <input name="h_csp_connect_hashes" type="checkbox" id="h_csp_connect_hashes"  value="checked" <?php echo @$config['h_csp_connect_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
1286 |                                         </label>
1287 |                                         </div>
1288 |                                     </li> 
1289 |                                     <li>
1290 |                                         <div class="checkbox toggle">
1291 |                                         <label for="h_csp_connect_none">
1292 |                                             <input name="h_csp_connect_none" type="checkbox" id="h_csp_connect_none"  value="checked" <?php echo @$config['h_csp_connect_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1293 |                                         </label>
1294 |                                         </div>
1295 |                                     </li>
1296 | 									
1297 |                                     <li>
1298 | 										<br />
1299 | 										<input type="text" size="25" name="h_csp_connect_url" id="h_csp_connect_url" value="<?php echo aFM_maskChar(@$config['h_csp_connect_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
1300 |                                     </li>
1301 |                                 </ul>
1302 |                             </div>
1303 |                     
1304 |                             
1305 |                             <!-- manifest-src -->
1306 |                             <div class="cspblock">
1307 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_csp_manifest'); ?></label>
1308 |                             
1309 |                                 <ul>
1310 |                                     <li>
1311 |                                         <div class="checkbox toggle">
1312 |                                         <label for="h_csp_manifest_https">
1313 |                                             <input name="h_csp_manifest_https" type="checkbox" id="h_csp_manifest_https"  value="checked" <?php echo @$config['h_csp_manifest_https']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_https'); ?>
1314 |                                         </label>
1315 |                                         </div>
1316 |                                     </li> 
1317 |                                     <li>
1318 |                                         <div class="checkbox toggle">
1319 |                                         <label for="h_csp_manifest_data">
1320 |                                             <input name="h_csp_manifest_data" type="checkbox" id="h_csp_manifest_data"  value="checked" <?php echo @$config['h_csp_manifest_data']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_data'); ?>
1321 |                                         </label>
1322 |                                         </div>
1323 |                                     </li> 
1324 |                                     <li>
1325 |                                         <div class="checkbox toggle">
1326 |                                         <label for="h_csp_manifest_blob">
1327 |                                             <input name="h_csp_manifest_blob" type="checkbox" id="h_csp_manifest_blob"  value="checked" <?php echo @$config['h_csp_manifest_blob']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_blob'); ?>
1328 |                                         </label>
1329 |                                         </div>
1330 |                                     </li> 
1331 |                                     <li>
1332 |                                         <div class="checkbox toggle">
1333 |                                         <label for="h_csp_manifest_self">
1334 |                                             <input name="h_csp_manifest_self" type="checkbox" id="h_csp_manifest_self"  value="checked" <?php echo @$config['h_csp_manifest_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1335 |                                         </label>
1336 |                                         </div>
1337 |                                     </li> 
1338 |                                     <li>
1339 |                                         <div class="checkbox toggle">
1340 |                                         <label for="h_csp_manifest_inline">
1341 |                                             <input name="h_csp_manifest_inline" type="checkbox" id="h_csp_manifest_inline"  value="checked" <?php echo @$config['h_csp_manifest_inline']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_inline'); ?>
1342 |                                         </label>
1343 |                                         </div>
1344 |                                     </li> 
1345 |                                     <li>
1346 |                                         <div class="checkbox toggle">
1347 |                                         <label for="h_csp_manifest_eval">
1348 |                                             <input name="h_csp_manifest_eval" type="checkbox" id="h_csp_manifest_eval"  value="checked" <?php echo @$config['h_csp_manifest_eval']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_eval'); ?>
1349 |                                         </label>
1350 |                                         </div>
1351 |                                     </li> 
1352 |                                     <li>
1353 |                                         <div class="checkbox toggle">
1354 |                                         <label for="h_csp_manifest_hashes">
1355 |                                             <input name="h_csp_manifest_hashes" type="checkbox" id="h_csp_manifest_hashes"  value="checked" <?php echo @$config['h_csp_manifest_hashes']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_hashes'); ?>
1356 |                                         </label>
1357 |                                         </div>
1358 |                                     </li> 
1359 |                                     <li>
1360 |                                         <div class="checkbox toggle">
1361 |                                         <label for="h_csp_manifest_none">
1362 |                                             <input name="h_csp_manifest_none" type="checkbox" id="h_csp_manifest_none"  value="checked" <?php echo @$config['h_csp_manifest_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1363 |                                         </label>
1364 |                                         </div>
1365 |                                     </li>
1366 | 									
1367 |                                     <li>
1368 | 										<br />
1369 | 										<input type="text" size="25" name="h_csp_manifest_url" id="h_csp_manifest_url" value="<?php echo aFM_maskChar(@$config['h_csp_manifest_url']); ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_csp_url_example')); ?>" />
1370 |                                     </li>
1371 |                                 </ul>
1372 |                             </div>
1373 | 							
1374 | 
1375 |                         </dd>
1376 |                     </dl>
1377 | 				</div>
1378 |                 </div>
1379 |                 
1380 |                 
1381 |                 <div class="checkbox toggle includebackend">
1382 |                     <label for="h_csp_be">
1383 |                         <input name="h_csp_be" type="checkbox" id="h_csp_be"  value="checked" <?php echo @$config['h_csp_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
1384 |                     </label>
1385 |                 </div> 
1386 |             </div>
1387 |             
1388 | 
1389 | 			
1390 |             <!-- Feature-Policy / Permissions-Policy -->
1391 |             <div class="boxed-group hh-highrisk">
1392 |                 <dl class="rex-form-group form-group">
1393 |                     <dt><label for=""><?php echo $this->i18n('a1656_bas_h_fpp'); ?> <a class="modallink" data-toggle="modal" data-target="#httpmodal" data-title="Feature- & Permissions-Policy" data-content="#datacontent-fpp"><i class="rex-icon fa-question-circle"></i></a></label></dt>
1394 |                     <dd>
1395 |                         <div class="checkbox toggle">
1396 |                         <label for="h_fpp">
1397 |                             <input name="h_fpp" type="checkbox" id="h_fpp"  value="checked" <?php echo @$config['h_fpp']; ?> data-opener="#h_fpp_option" /> <?php echo $this->i18n('a1656_bas_active'); ?>
1398 |                         </label>
1399 |                         </div>
1400 |                     </dd>
1401 |                 </dl>
1402 |  
1403 |  				<div class="hiddencontent <?php echo @$config['h_fpp']; ?>" id="h_fpp_option">
1404 |                 <dl class="rex-form-group form-group">
1405 |                     <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_fpp_noeditor'); ?></label></dt>
1406 |                     <dd>
1407 |                         <div class="checkbox toggle">
1408 |                         <label for="h_fpp_noeditor">
1409 |                             <input name="h_fpp_noeditor" type="checkbox" id="h_fpp_noeditor"  value="checked" <?php echo @$config['h_fpp_noeditor']; ?> /> <?php echo $this->i18n('a1656_yes'); ?>
1410 |                         </label>
1411 |                         </div>
1412 |                     </dd>
1413 |                 </dl>
1414 |                 
1415 |                 
1416 |                 <dl class="rex-form-group form-group"><dt>&nbsp;</dt></dl>
1417 |                 
1418 |                 
1419 |                 <div class="hiddencontent <?php echo @$config['h_fpp_noeditor']; ?>" id="h_fpp_option_noeditor">
1420 |                 	<!-- Feature-Policy-Eingabefeld -->
1421 |                     <dl class="rex-form-group form-group">
1422 |                         <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_fpp_definition_f'); ?></label></dt>
1423 |                         <dd>                        
1424 |                             <input type="text" size="25" name="h_fpp_definition_f" id="h_fpp_definition_f" value="<?php echo @$config['h_fpp_definition_f']; ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_fpp_definition_f_example')); ?>" />
1425 |                         </dd>
1426 |                     </dl>
1427 |                     
1428 |                 	<!-- Permissions-Policy-Eingabefeld -->
1429 |                     <dl class="rex-form-group form-group">
1430 |                         <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_fpp_definition_p'); ?></label></dt>
1431 |                         <dd>                        
1432 |                             <input type="text" size="25" name="h_fpp_definition_p" id="h_fpp_definition_p" value="<?php echo @$config['h_fpp_definition_p']; ?>" class="form-control" placeholder="<?php echo aFM_noQuote($this->i18n('a1656_bas_h_fpp_definition_p_example')); ?>" />
1433 |                         </dd>
1434 |                     </dl>
1435 | 				</div>
1436 |                 
1437 |                 
1438 |                 <div class="hiddencontent <?php echo (@$config['h_fpp_noeditor'] != 'checked') ? 'checked' : ''; ?>" id="h_fpp_option_editor">
1439 |                 	<!-- FPP-Editorfelder -->
1440 |                     <dl class="rex-form-group form-group">
1441 |                         <dt><label for="" class="nobold"><?php echo $this->i18n('a1656_bas_h_fpp_editor'); ?></label></dt>
1442 |                         <dd>      
1443 |                                           
1444 |                             <!-- camera -->
1445 |                             <div class="cspblock">
1446 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_camera'); ?></label>
1447 |                             
1448 |                                 <ul>
1449 |                                     <li>
1450 |                                         <div class="checkbox toggle">
1451 |                                         <label for="h_fpp_cam_self">
1452 |                                             <input name="h_fpp_cam_self" type="checkbox" id="h_fpp_cam_self"  value="checked" <?php echo @$config['h_fpp_cam_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1453 |                                         </label>
1454 |                                         </div>
1455 |                                     </li> 
1456 |                                     <li>
1457 |                                         <div class="checkbox toggle">
1458 |                                         <label for="h_fpp_cam_none">
1459 |                                             <input name="h_fpp_cam_none" type="checkbox" id="h_fpp_cam_none"  value="checked" <?php echo @$config['h_fpp_cam_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1460 |                                         </label>
1461 |                                         </div>
1462 |                                     </li> 
1463 |                                 </ul>
1464 |                             </div>
1465 |                             
1466 |                                           
1467 |                             <!-- gelocation -->
1468 |                             <div class="cspblock">
1469 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_geolocation'); ?></label>
1470 |                             
1471 |                                 <ul>
1472 |                                     <li>
1473 |                                         <div class="checkbox toggle">
1474 |                                         <label for="h_fpp_geo_self">
1475 |                                             <input name="h_fpp_geo_self" type="checkbox" id="h_fpp_geo_self"  value="checked" <?php echo @$config['h_fpp_geo_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1476 |                                         </label>
1477 |                                         </div>
1478 |                                     </li> 
1479 |                                     <li>
1480 |                                         <div class="checkbox toggle">
1481 |                                         <label for="h_fpp_geo_none">
1482 |                                             <input name="h_fpp_geo_none" type="checkbox" id="h_fpp_geo_none"  value="checked" <?php echo @$config['h_fpp_geo_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1483 |                                         </label>
1484 |                                         </div>
1485 |                                     </li> 
1486 |                                 </ul>
1487 |                             </div>
1488 |                             
1489 |                                           
1490 |                             <!-- gyroscope -->
1491 |                             <div class="cspblock">
1492 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_gyro'); ?></label>
1493 |                             
1494 |                                 <ul>
1495 |                                     <li>
1496 |                                         <div class="checkbox toggle">
1497 |                                         <label for="h_fpp_gyro_self">
1498 |                                             <input name="h_fpp_gyro_self" type="checkbox" id="h_fpp_gyro_self"  value="checked" <?php echo @$config['h_fpp_gyro_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1499 |                                         </label>
1500 |                                         </div>
1501 |                                     </li> 
1502 |                                     <li>
1503 |                                         <div class="checkbox toggle">
1504 |                                         <label for="h_fpp_gyro_none">
1505 |                                             <input name="h_fpp_gyro_none" type="checkbox" id="h_fpp_gyro_none"  value="checked" <?php echo @$config['h_fpp_gyro_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1506 |                                         </label>
1507 |                                         </div>
1508 |                                     </li> 
1509 |                                 </ul>
1510 |                             </div>
1511 |                             
1512 |                                           
1513 |                             <!-- magnetometer -->
1514 |                             <div class="cspblock">
1515 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_magnet'); ?></label>
1516 |                             
1517 |                                 <ul>
1518 |                                     <li>
1519 |                                         <div class="checkbox toggle">
1520 |                                         <label for="h_fpp_mag_self">
1521 |                                             <input name="h_fpp_mag_self" type="checkbox" id="h_fpp_mag_self"  value="checked" <?php echo @$config['h_fpp_mag_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1522 |                                         </label>
1523 |                                         </div>
1524 |                                     </li> 
1525 |                                     <li>
1526 |                                         <div class="checkbox toggle">
1527 |                                         <label for="h_fpp_mag_none">
1528 |                                             <input name="h_fpp_mag_none" type="checkbox" id="h_fpp_mag_none"  value="checked" <?php echo @$config['h_fpp_mag_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1529 |                                         </label>
1530 |                                         </div>
1531 |                                     </li> 
1532 |                                 </ul>
1533 |                             </div>
1534 |                             
1535 |                                           
1536 |                             <!-- microphone -->
1537 |                             <div class="cspblock">
1538 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_micro'); ?></label>
1539 |                             
1540 |                                 <ul>
1541 |                                     <li>
1542 |                                         <div class="checkbox toggle">
1543 |                                         <label for="h_fpp_mic_self">
1544 |                                             <input name="h_fpp_mic_self" type="checkbox" id="h_fpp_mic_self"  value="checked" <?php echo @$config['h_fpp_mic_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1545 |                                         </label>
1546 |                                         </div>
1547 |                                     </li> 
1548 |                                     <li>
1549 |                                         <div class="checkbox toggle">
1550 |                                         <label for="h_fpp_mic_none">
1551 |                                             <input name="h_fpp_mic_none" type="checkbox" id="h_fpp_mic_none"  value="checked" <?php echo @$config['h_fpp_mic_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1552 |                                         </label>
1553 |                                         </div>
1554 |                                     </li> 
1555 |                                 </ul>
1556 |                             </div>
1557 |                             
1558 |                                           
1559 |                             <!-- usb -->
1560 |                             <div class="cspblock">
1561 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_usb'); ?></label>
1562 |                             
1563 |                                 <ul>
1564 |                                     <li>
1565 |                                         <div class="checkbox toggle">
1566 |                                         <label for="h_fpp_usb_self">
1567 |                                             <input name="h_fpp_usb_self" type="checkbox" id="h_fpp_usb_self"  value="checked" <?php echo @$config['h_fpp_usb_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1568 |                                         </label>
1569 |                                         </div>
1570 |                                     </li> 
1571 |                                     <li>
1572 |                                         <div class="checkbox toggle">
1573 |                                         <label for="h_fpp_usb_none">
1574 |                                             <input name="h_fpp_usb_none" type="checkbox" id="h_fpp_usb_none"  value="checked" <?php echo @$config['h_fpp_usb_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1575 |                                         </label>
1576 |                                         </div>
1577 |                                     </li> 
1578 |                                 </ul>
1579 |                             </div>
1580 |                             
1581 |                                           
1582 |                             <!-- document-domain -->
1583 |                             <div class="cspblock">
1584 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_docdomain'); ?></label>
1585 |                             
1586 |                                 <ul>
1587 |                                     <li>
1588 |                                         <div class="checkbox toggle">
1589 |                                         <label for="h_fpp_docdom_self">
1590 |                                             <input name="h_fpp_docdom_self" type="checkbox" id="h_fpp_docdom_self"  value="checked" <?php echo @$config['h_fpp_docdom_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1591 |                                         </label>
1592 |                                         </div>
1593 |                                     </li> 
1594 |                                     <li>
1595 |                                         <div class="checkbox toggle">
1596 |                                         <label for="h_fpp_docdom_none">
1597 |                                             <input name="h_fpp_docdom_none" type="checkbox" id="h_fpp_docdom_none"  value="checked" <?php echo @$config['h_fpp_docdom_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1598 |                                         </label>
1599 |                                         </div>
1600 |                                     </li> 
1601 |                                 </ul>
1602 |                             </div>
1603 |                             
1604 |                                           
1605 |                             <!-- fullscreen -->
1606 |                             <div class="cspblock">
1607 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_fullscreen'); ?></label>
1608 |                             
1609 |                                 <ul>
1610 |                                     <li>
1611 |                                         <div class="checkbox toggle">
1612 |                                         <label for="h_fpp_full_self">
1613 |                                             <input name="h_fpp_full_self" type="checkbox" id="h_fpp_full_self"  value="checked" <?php echo @$config['h_fpp_full_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1614 |                                         </label>
1615 |                                         </div>
1616 |                                     </li> 
1617 |                                     <li>
1618 |                                         <div class="checkbox toggle">
1619 |                                         <label for="h_fpp_full_none">
1620 |                                             <input name="h_fpp_full_none" type="checkbox" id="h_fpp_full_none"  value="checked" <?php echo @$config['h_fpp_full_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1621 |                                         </label>
1622 |                                         </div>
1623 |                                     </li> 
1624 |                                 </ul>
1625 |                             </div>
1626 |                             
1627 |                                           
1628 |                             <!-- payment -->
1629 |                             <div class="cspblock">
1630 |                                 <label for=""><?php echo $this->i18n('a1656_bas_h_fpp_payment'); ?></label>
1631 |                             
1632 |                                 <ul>
1633 |                                     <li>
1634 |                                         <div class="checkbox toggle">
1635 |                                         <label for="h_fpp_pay_self">
1636 |                                             <input name="h_fpp_pay_self" type="checkbox" id="h_fpp_pay_self"  value="checked" <?php echo @$config['h_fpp_pay_self']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_self'); ?>
1637 |                                         </label>
1638 |                                         </div>
1639 |                                     </li> 
1640 |                                     <li>
1641 |                                         <div class="checkbox toggle">
1642 |                                         <label for="h_fpp_pay_none">
1643 |                                             <input name="h_fpp_pay_none" type="checkbox" id="h_fpp_pay_none"  value="checked" <?php echo @$config['h_fpp_pay_none']; ?> /> <?php echo $this->i18n('a1656_bas_h_editor_none'); ?>
1644 |                                         </label>
1645 |                                         </div>
1646 |                                     </li> 
1647 |                                 </ul>
1648 |                             </div>
1649 |               
1650 |                     
1651 |                         </dd>
1652 |                     </dl>
1653 | 				</div>
1654 |                 </div>
1655 |                 
1656 |                 
1657 |                 <div class="checkbox toggle includebackend">
1658 |                     <label for="h_fpp_be">
1659 |                         <input name="h_fpp_be" type="checkbox" id="h_fpp_be"  value="checked" <?php echo @$config['h_fpp_be']; ?> /> <?php echo $this->i18n('a1656_bas_includebackend'); ?>
1660 |                     </label>
1661 |                 </div> 
1662 |             </div>            
1663 |             
1664 |             
1665 |             
1666 |             
1667 |         </div>
1668 |         
1669 |         
1670 | 		<script type="text/javascript">
1671 | 		$(function() {
1672 | 			$('.hiddencontent').not('.checked').hide();
1673 | 			
1674 | 			$('input[data-opener]').change(function(){
1675 | 				dst = $(this).attr('data-opener');
1676 | 				
1677 | 				if (dst != undefined && dst.length > 2) {
1678 | 					if ($(this).is(':checked')) {
1679 | 						$(dst).slideDown();
1680 | 					} else {
1681 | 						$(dst).slideUp();
1682 | 					}
1683 | 				}
1684 | 			});
1685 | 			
1686 | 			//CSP-Editor Type
1687 | 			$('#h_csp_noeditor').change(function(){
1688 | 				if ($(this).is(':checked')) {
1689 | 					$('#h_csp_option_noeditor').slideDown();
1690 | 					$('#h_csp_option_editor').slideUp();
1691 | 				} else {
1692 | 					$('#h_csp_option_noeditor').slideUp();
1693 | 					$('#h_csp_option_editor').slideDown();
1694 | 				}
1695 | 			});
1696 | 			
1697 | 			//FPP-Editor Type
1698 | 			$('#h_fpp_noeditor').change(function(){
1699 | 				if ($(this).is(':checked')) {
1700 | 					$('#h_fpp_option_noeditor').slideDown();
1701 | 					$('#h_fpp_option_editor').slideUp();
1702 | 				} else {
1703 | 					$('#h_fpp_option_noeditor').slideUp();
1704 | 					$('#h_fpp_option_editor').slideDown();
1705 | 				}
1706 | 			});			
1707 | 			
1708 | 			//Modalcontent
1709 | 			$('#httpmodal').on('show.bs.modal', function (e) {
1710 | 				var button = $(e.relatedTarget);
1711 | 					var title = button.data('title');
1712 | 						cntsel = button.data('content');
1713 | 					var	content = $(cntsel).html();
1714 | 				var modal = $(this)
1715 | 					modal.find('.modal-title').text(title)
1716 | 					modal.find('.modal-body').html(content)
1717 | 			})
1718 | 		});
1719 |         </script>
1720 |         
1721 |         
1722 |         <footer class="panel-footer">
1723 |         	<div class="rex-form-panel-footer">
1724 |             	<div class="btn-toolbar">
1725 |                 	<input class="btn btn-save rex-form-aligned" type="submit" name="submit" title="<?php echo $this->i18n('a1656_save'); ?>" value="<?php echo $this->i18n('a1656_save'); ?>" />
1726 |                 </div>
1727 | 			</div>
1728 | 		</footer>
1729 |         
1730 | 	</div>
1731 | </section>
1732 | 
1733 | </form>
1734 | 
1735 | 
1736 | <!-- Modalfenster -->
1737 | <div class="modal fade bd-example-modal-lg hh-modal" id="httpmodal" tabindex="-1" role="dialog">
1738 |     <div class="modal-dialog modal-dialog-centered" role="document">
1739 |         <div class="modal-content">
1740 |             <div class="modal-header">
1741 |                 <h5 class="modal-title">...</h5>
1742 |                 <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span aria-hidden="true">&times;</span></button>                
1743 |             </div>
1744 |             
1745 |             <div class="modal-body">...</div>      
1746 |         </div>
1747 |     </div>
1748 | </div>
1749 | 
1750 | <!-- Modalfenster Content -->
1751 | <div class="hh-content" id="datacontent-conn">
1752 |   <p>Die Verbindung soll nicht nach jeder Anfrage beendet werden, um die Ladegeschwindigkeit zu erhöhen.</p>
1753 |   <p>Dieser Header ist u.U. relevant bei der Suchmaschinenoptimierung.</p>
1754 |   <p>&nbsp;</p>
1755 |   <p>Weitere Informationen:<br>
1756 |   <a href="https://de.ryte.com/wiki/Keep-Alive" target="_blank">https://de.ryte.com/wiki/</a></p>
1757 | </div>
1758 | 
1759 | <div class="hh-content" id="datacontent-vary">
1760 |   <p>Der Client soll u.A. erfahren können, welche Komprimierung die Website verwendet.</p>
1761 |   <p>Dieser Header ist u.U. relevant bei der Suchmaschinenoptimierung.</p>
1762 |   <p>&nbsp;</p>
1763 |   <p>Weitere Informationen:<br>
1764 |   <a href="https://de.ryte.com/wiki/Vary_Response_Header" target="_blank">https://de.ryte.com/wiki/</a></p>
1765 | </div>
1766 | 
1767 | <div class="hh-content" id="datacontent-server">
1768 |   <p>Über diesen Header kann je nach Servereinstellung die Ausgabe des Servertyps unterdrückt werden.<br>
1769 |   Allerdings kann der Webserver diesen Header ignorieren, wodurch diese Angaben weiterhin zurückgegeben werden.</p>
1770 | </div>
1771 | 
1772 | <div class="hh-content" id="datacontent-xpowered">
1773 |   <p>Über diesen Header kann je nach Servereinstellung die Ausgabe der PHP-Version unterdrückt werden.<br>
1774 | Allerdings kann der Webserver diesen Header ignorieren, wodurch diese Angaben weiterhin zurückgegeben werden.</p>
1775 | <p>&nbsp;</p>
1776 |   <p>Weitere Informationen:<br>
1777 |   <a href="https://siwecos.de/wiki/X-Content-Type-Options-Schwachstelle/DE" target="_blank">https://siwecos.de/wiki/</a></p>
1778 | </div>
1779 | 
1780 | <div class="hh-content" id="datacontent-xcontent">
1781 | <p>Mit diesem Header können Browser angewiesen werden, aufgerufene Dateien nicht als etwas anderes zu interpretieren als vom Inhaltstyp definiert.</p>
1782 | <p>&nbsp;</p>
1783 | <p><b>nosniff</b><br>
1784 |   wird auch dann erzwungen, wenn der Content-Type nicht angegeben ist</p>
1785 |     <p>&nbsp;</p>
1786 |     <p>Weitere Informationen:<br>
1787 |     <a href="https://siwecos.de/wiki/X-Content-Type-Options-Schwachstelle/DE" target="_blank">https://siwecos.de/wiki/</a></p>
1788 | 
1789 | </div>
1790 | 
1791 | <div class="hh-content" id="datacontent-xframe">
1792 |   <p>Das Setzen dieses Headers hilft dabei, Angriffe über Framing-Mechanismen zu unterbinden.</p>
1793 |   <p>&nbsp;</p>
1794 |   <p><strong>deny</strong><br>
1795 |   Die Seite kann nicht in einem iFrame eingebettet werden, egal welches die aufrufende Webseite ist.</p>
1796 |   <p><strong>sameorigin</strong><br>
1797 |     Die Seite kann nur als iFrame eingebettet werden, wenn beide von der gleichen Quellseite stammen.</p>
1798 |   <p>&nbsp;</p>
1799 |   <p>Weitere Informationen:<br>
1800 |     <a href="https://siwecos.de/wiki/X-Frame-Options-Schwachstelle/DE" target="_blank">https://siwecos.de/wiki/</a><br>
1801 |   
1802 | </div>
1803 | 
1804 | <div class="hh-content" id="datacontent-xxss">
1805 |   <p>Der X-XSS-Header definiert, wie in Browsern eingebaute XSS-Filter konfiguriert/genutzt werden.</p>
1806 |   <p>&nbsp;</p>
1807 |   <p>Weitere Informationen:<br>
1808 |     <a href="https://siwecos.de/wiki/XSS-Schwachstelle/DE" target="_blank">https://siwecos.de/wiki/</a><br>
1809 |   </p>
1810 | </div>
1811 | 
1812 | <div class="hh-content" id="datacontent-referer">
1813 | 	<p>Mit der Referrer Policy wird geregelt, welche der Referrer-Informationen in Anfragen aufgenommen werden sollen und welche nicht.</p>
1814 |   <p>&nbsp;</p>
1815 | 
1816 |     <p><b>no-referrer</b><br>
1817 |   Der Referer-Header wird vollständig weggelassen. Es werden keine Referrer-Informationen zusammen mit Anfragen gesendet.</p>
1818 |     
1819 |     <p><b>no-referrer-when-downgrade</b><br>
1820 |     Dies ist das Standardverhalten, wenn keine Richtlinie angegeben ist oder wenn der angegebene Wert ungültig ist.</p>
1821 | 
1822 |     <p><b>same-origin</b><br>
1823 |     Der Wert `same-origin` weist den Browser an, nur Referer Header zu senden, die von Ihrer Webseite gestellt werden. Wenn das Ziel eine andere Domain ist, werden keine Referrer-Informationen gesendet.</p>       
1824 | 
1825 |     <p><b>origin</b><br>
1826 |     Damit wird immer die Origin der auslösenden Seite in den Referer Informationen des Requests mitgegeben. Es werden allerdings keine Informationen zum genauen Pfad weitergegeben</p>
1827 | 
1828 |     <p><b>strict-origin</b><br>
1829 |     Der Wert `strict-origin` weist den Browser an, als Referer Header immer die Ursprungs-Domain anzugeben.
1830 |     </p>            
1831 | 
1832 |     <p><b>origin-when-cross-origin</b><br>
1833 |     Der Wert `origin-when-cross-origin` weist den Browser an, nur dann die vollständige Referrer-URL zu senden, wenn Sie auf der selben Domain bleiben. Sobald die Domain über HTTPS verlassen wird oder eine anderer Domain angesprochen wird, wird nur die Quell-Domain gesendet.</p>
1834 | 
1835 |   <p><b>strict-origin-when-cross-origin</b><br>
1836 |     Wie bei strict-origin handelt es sich bei strict-origin-when-cross-origin ebenfalls um eine Verschärfung einer bestehenden Regel. Es gelten die Regeln von origin-when-cross-origin. Zusätzlich werden allerdings die Referer Informationen entfernt, wenn der Request von einer HTTPS Seite zu einer HTTP Seite ausgelöst wird.</p>
1837 |     
1838 |     <p><b>unsafe-url</b><br>
1839 |     Mit dieser Einstellung wird der Browser dazu angewiesen, bei jedem Request die volle URL im Referer Header mitzusenden.</p>
1840 |     <p>&nbsp;</p>
1841 |     <p>Weitere Informationen:<br>
1842 |     <a href="https://siwecos.de/wiki/Referrer-Policy/DE" target="_blank">https://siwecos.de/wiki/</a></p>
1843 | </div>
1844 | 
1845 | <div class="hh-content" id="datacontent-trans">
1846 |   <p>Strict-Transport-Security stellt sicher, dass die Webseite für die definierte Zeit lediglich über HTTPS aufgerufen werden kann.</p>
1847 |   <p>&nbsp;</p>
1848 |   <p>Die Angabe "max-age" ist  für eine korrekte Funktion Pflicht.</p>
1849 |   <p>&nbsp;</p>
1850 |   <p>Weitere Informationen:<br>
1851 |     <a href="https://siwecos.de/wiki/Keine-Verschluesselung-Gefunden/DE" target="_blank">https://siwecos.de/wiki/</a>
1852 |   </p>
1853 | </div>
1854 | 
1855 | <div class="hh-content" id="datacontent-csp">
1856 |   <p>Die Content-Security-Policy definiert, aus welchen Quellen verschiedene Anfragen/Ressourcen, welche das Injizieren und Ausführen von evtl. bösartigen Befehlen, eingebunden werden dürfen.<br>
1857 |     <br>
1858 |   Die default-Angabe sollte dabei immer gesetzt werden. Alle weiteren Angaben ändern die default-Angabe entsprechend ab.</p>
1859 |   <p>&nbsp;</p>
1860 |   <p><strong>Eigenschaft &quot;default-src&quot;</strong><br>
1861 |   Voreinstellung für alle Richtlinien.</p>
1862 |   <p><strong>Eigenschaft &quot;img-src&quot;</strong><br>
1863 |   Definiert erlaubte Quellen für Bilder.</p>
1864 |   <p><strong>Eigenschaft &quot;media-src&quot;</strong><br>
1865 |   Definiert erlaubte Quellen für Audio und Video.</p>
1866 |   <p><strong>Eigenschaft &quot;font-src&quot;</strong><br>
1867 |   Definiert erlaubte Quellen für Schriftarten.</p>
1868 |   <p><strong>Eigenschaft &quot;script-src&quot;</strong><br>
1869 | Definiert erlaubte Quellen für JavaScript.</p>
1870 |   <p><strong>Eigenschaft &quot;style-src&quot;</strong><br>
1871 |   Definiert erlaubte Quellen für Stylesheets.</p>
1872 |   <p><strong>Eigenschaft &quot;object-src&quot;</strong><br>
1873 |   Definiert erlaubte Quellen für Plugins (z.B. object, embed, applet).</p>
1874 |   <p><strong>Eigenschaft &quot;form-action&quot;</strong><br>
1875 |   Definiert erlaubte Ziele für HTML Formulare.</p>
1876 |   <p><strong>Eigenschaft &quot;frame-src&quot;</strong><br>
1877 |   Definiert erlaubte Quellen für Frame-Inhalte.</p>
1878 |   <p><strong>Eigenschaft &quot;frame-ancestors&quot;</strong><br>
1879 |   Definiert erlaubte Quellen die eingebettete Inhalte haben dürfen (z.B. frame, iframe).</p>
1880 |   <p>&nbsp;</p>
1881 |   <p><b>Wert &quot;https:&quot;</b><br>
1882 |   Erlaubt das Laden von Ressourcen ausschließlich mit HTTPS von jeglicher Domain.</p>
1883 |   <p><b>Wert&quot;data:&quot;</b><br>
1884 |   Erlaubt das Laden von Ressourcen über data:-Definitionen.</p>
1885 |   <p><b>Wert&quot;blob:&quot;</b><br>
1886 |   Erlaubt das Laden von Ressourcen über blob:-Definitionen.</p>
1887 |   <p><b>Wert&quot;self&quot;</b><br>
1888 |   Erlaubt das Laden von Ressourcen von dem selben Ursprung.</p>
1889 |   <p><b>Wert&quot;unsafe-inline&quot;</b><br>
1890 |   Erlaubt die Benutzung von inline-Code wie z. B. style-Attribute oder onClick.</p>
1891 |   <p><b>Wert&quot;unsafe-eval&quot;</b><br>
1892 |   Erlaubt unsichere dynamische Code-Auswertung wie z.B. die JavaScript-Methode eval().</p>
1893 |   <p><b>Wert&quot;unsafe-hashes&quot;</b><br>
1894 |   Erlaubt Scripte in Event-Handlern.</p>
1895 |   <p><b>Wert&quot;none&quot;</b><br>
1896 |   Verhindert das Laden von Ressourcen von egal welcher Quelle.</p>
1897 |   <p>&nbsp;</p>
1898 |   <p>Weitere Informationen:<br>
1899 |     <a href="https://siwecos.de/wiki/Content-Security-Policy" target="_blank">https://siwecos.de/wiki/</a>
1900 |     <br>
1901 |     <a href="https://wiki.selfhtml.org/wiki/Sicherheit/Content_Security_Policy#Referenz_der_Werteangaben" target="_blank">https://wiki.selfhtml.org/wiki/</a>
1902 |     
1903 |   </p>
1904 | </div>
1905 | 
1906 | <div class="hh-content" id="datacontent-fpp">
1907 |   <p>Mit der Permissions-Policy (früher Feature-Policy) kann dem Webbrowser mitgeteilt werden, auf welche Browser- bzw. Systemfeatures zugegriffen werden kann.<br>
1908 |   Werden keine Features/Permissions definiert, so ist der Zugriff auf entsprechende Features immer möglich.</p>
1909 |   <p>&nbsp;</p>
1910 |   <p><b>Wert&quot;self&quot;</b><br>
1911 | Die entsprechende Eigenschaft  ist für die Webseite und alle eingebetteten Ressourcen mit der selben Herkunft verwendbar. </p>
1912 |   <p><b>Wert&quot;none&quot;</b><br> 
1913 |     Die entsprechende Eigenschaft ist deaktiviert und damit weder von der Webseite noch eingebundenen Ressourcen verwendbar.
1914 | </p>
1915 |   <p>&nbsp;</p>
1916 |   <p>Weitere Informationen:<br>
1917 |     <a href="https://www.codingblatt.de/permissions-policy-http-security-header/" target="_blank">https://www.codingblatt.de/</a>
1918 |   </p>
1919 | </div>


--------------------------------------------------------------------------------