
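<?php
// Shared HTTP bootstrap for the site: resolves the site name, starts the
// session and emits the cache, CORS, CSP and attribution headers.
// It is meant to be included before any output is produced; the only branch
// that echoes anything is the opt-in "Debug headers" section at the end.
$debugSystem = false;

// Session-cookie hardening (secure / httponly / samesite) was attempted here
// and is still disabled, so the session cookie uses the php.ini defaults.
// if (!headers_sent()) {
//     session_set_cookie_params([
//         'lifetime'    => 0,      // session cookie
//         'path'        => '/',
//         'domain'      => '',     // exact hostname
//         'secure'      => true,   // HTTPS required
//         'httponly'    => true,
//         'samesite'    => 'None',
//         'partitioned' => true,   // new; helps with state partitioning
//     ]);
// }
// ini_set('session.cookie_secure', '1');
// ini_set('session.cookie_httponly', '1');
// ini_set('session.cookie_samesite', 'None');

// ---------------------------------------------------
// siteName && Session
// ---------------------------------------------------
if (session_status() === PHP_SESSION_NONE) {
    // ---------------------------------------------------
    // siteName: first _conf/siteName.php found, walking up from the current
    // directory, then under $server when the including script defined it.
    // ---------------------------------------------------
    $confCandidates = ['./_conf', '../_conf', '../../_conf'];
    if (isset($server)) {
        $confCandidates[] = $server . '/_conf';
    }

    $includePathConf = null;
    foreach ($confCandidates as $candidate) {
        if (file_exists($candidate . '/siteName.php')) {
            $includePathConf = $candidate;
            break;
        }
    }

    if ($includePathConf !== null) {
        // Expected to define $siteName.
        include $includePathConf . '/siteName.php';
    } else {
        // Previously this fell through to include(null . '/siteName.php') and an
        // undefined $siteName; log it and keep the default session name instead.
        trigger_error(
            'siteName.php not found in any _conf directory; using the default session name',
            E_USER_WARNING
        );
    }

    // ---------------------------------------------------
    // session
    // ---------------------------------------------------
    if (isset($siteName) && $siteName !== '') {
        // Dots are mapped to dashes before use as the session (cookie) name,
        // presumably because $siteName is a hostname — kept as the original did.
        $siteName2 = str_replace('.', '-', $siteName);
        session_name($siteName2);
    }
    session_start();
    $_SESSION['siteName'] = session_name();
}

// ---------------------------------------------------
// Cache
// ---------------------------------------------------
if ($debugSystem === true) {
    // No cache while debugging locally.
    ini_set('opcache.enable', '0');
    // NOTE(review): opcache.enable_cli is PHP_INI_SYSTEM, so this ini_set() has
    // no effect at request time; it must be set in php.ini.
    ini_set('opcache.enable_cli', '0');
} else {
    // 3 days. "private" keeps shared caches out, which matters because every
    // response carries a session cookie.
    header('Cache-Control: private, max-age=259200, must-revalidate');
    // ini_set('opcache.enable', '1'); // ?
    // ini_set('opcache.enable_cli', '1');
    // Compression must be done in nginx, not here.
    // header("Content-Encoding:gzip");
    // ini_set('zlib.output_compression', true);
    // NOTE(review): output_buffering is PHP_INI_PERDIR and cannot be changed
    // with ini_set() once the script is running; set it in php.ini / .user.ini.
    ini_set('output_buffering', 'on');
}

// ---------------------------------------------------
// Headers
// ---------------------------------------------------
header('content-type: text/html; charset=UTF-8');
// Enables OS-level trigger registration; only works in production (DNS).
header('Attribution-Reporting-Eligible: {"trigger": true}');
header('Attribution-Reporting-Support: {"os": true}');

// ---------------------------------------------------
// Cookies
// ---------------------------------------------------

// ---------------------------------------------------
// Cross content (CORS)
// ---------------------------------------------------
// Origins that may read responses cross-site. The plain-http and private
// address entries are only meaningful for local/dev deployments; they are
// matched exactly (scheme + host), never by prefix.
$allowed_origins = [
    "https://kit.fontawesome.com",
    "http://localhost",
    "http://192.168.0.1",
    "http://192.168.0.3",
    "http://192.168.0.4",
    "http://82.65.223.80",
    "http://146.105.42.142",
    "https://123ventes.com",
    "https://123vente.com",
    "http://edserv",
    "http://edport",
    "https://google.com",
    "https://my-chop.com",
    "https://nobug.lan",
    "https://my-shop.nobug.lan",
];
$requestOrigin = $_SERVER['HTTP_ORIGIN'] ?? '';
// Strict comparison: the Origin header is attacker-controlled and is only
// reflected back when it is byte-for-byte one of the allow-listed values.
if (in_array($requestOrigin, $allowed_origins, true)) {
    header('Access-Control-Allow-Origin: ' . $requestOrigin);
    // The reply depends on the Origin request header; tell caches so an answer
    // issued for one origin is not replayed to another.
    header('Vary: Origin', false);
}
// header ('Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE');
header('Access-Control-Allow-Methods: POST, GET ');
// Compression must be done in nginx, not here.
// header( "Content-Encoding: compress" );

// ---------------------------------------------------
// Content-Security-Policy
// ---------------------------------------------------
// NOTE(review): 'unsafe-inline' in script-src / script-src-elem removes most of
// the XSS protection CSP offers; moving to nonces or hashes needs template
// changes and is left as is here.
header("Content-Security-Policy: ".
    "default-src 'self'; ".
    // Connections (AJAX, fetch, WebSocket)
    "connect-src 'self' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
    "https://www.123ventes.com https://123ventes.com ".
    "https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com ".
    "https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net ".
    "https://region1.analytics.google.com https://region1.google-analytics.com ".
    "https://www.google.com https://www.google.fr/ads/ga-audiences ".
    "https://www.paypal.com ".
    "https://www.sandbox.paypal.com ".
    "https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google ".
    "https://d.delivery.consentmanager.net; ".
    // Scripts
    "script-src 'self' 'unsafe-inline' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
    "https://www.123ventes.com https://123ventes.com ".
    "https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com ".
    "https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net ".
    "https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google ".
    "https://cdn.consentmanager.net https://d.delivery.consentmanager.net ".
    "https://www.paypal.com ".
    "https://www.sandbox.paypal.com ".
    "https://js.stripe.com ".
    "https://www.google.com/recaptcha; ".
    "script-src-elem 'self' 'unsafe-inline' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
    "https://www.123ventes.com https://123ventes.com ".
    "https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com ".
    "https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net ".
    "https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google ".
    "https://cdn.consentmanager.net https://d.delivery.consentmanager.net ".
    "https://www.paypal.com ".
    "https://www.sandbox.paypal.com ".
    "https://www.google.com/recaptcha;".
    // Styles
    "style-src 'self' 'unsafe-inline' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
    "https://www.123ventes.com https://123ventes.com ".
    "https://use.fontawesome.com ".
    "https://fonts.googleapis.com ".
    "https://ws.colissimo.fr ".
    "https://cdn.jsdelivr.net; ".
    "style-src-elem 'self' 'unsafe-inline' https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
    "https://www.123ventes.com https://123ventes.com ".
    "https://use.fontawesome.com ".
    "https://cdn.consentmanager.net ".
    "https://fonts.googleapis.com ".
    "https://ws.colissimo.fr ".
    "https://cdn.jsdelivr.net ".
    "https://fonts.gstatic.com; ".
    "style-src-attr 'unsafe-inline'; ".
    // Fonts
    "font-src 'self' https://fonts.gstatic.com; ".
    // Images (tracking pixels included)
    "img-src 'self' data: https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
    "https://cdn.consentmanager.net https://d.delivery.consentmanager.net ".
    "https://www.google.com https://www.google.fr ".
    "https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google ".
    "https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net ".
    "https://www.paypalobjects.com https://www.sandbox.paypal.com https://www.paypal.com ".
    "https://www.123ventes.com https://123ventes.com ".
    "https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com; ".
    // Frames / iframes
    "frame-src https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan https://my-chop.com ".
    "https://123ventes.blogspot.com https://123ventes.com https://www.123ventes.com https://www.googletagmanager.com https://www.google.com ".
    "https://www.paypal.com https://www.sandbox.paypal.com ".
    "https://checkout.stripe.com https://js.stripe.com ".
    "https://pagead2.googlesyndication.com https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google; ".
    // Other directives
    "object-src 'none'; ".
    "base-uri 'self'; ".
    "form-action https://localhost http://localhost https://edserv https://edport https://my-shop.nobug.lan:* https://my-chop.com:* https://checkout.stripe.com/; "
    // "form-action * "
);

// ---------------------------------------------------
// Debug headers
// ---------------------------------------------------
$debugHeader = false;
if ($debugHeader === true) {
    // getallheaders() is not available in every SAPI; degrade to nothing.
    $headers = function_exists('getallheaders') ? getallheaders() : [];
    foreach ($headers as $header => $value) {
        // Request headers are client-controlled: escape them before echoing
        // so the debug dump cannot inject markup into the page.
        echo '<span style="background-color:white;color:black;text-align:left;">'
            . htmlspecialchars($header . ': ' . $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . " <br /></span>\n";
    }
    // session_set_cookie_params([
    //     'domain' => '192.168.0.4',       // use the full domain (leading dot)
    //     'domain' => 'my-shop.nobug.lan', // use the full domain (leading dot)
    // ]);
}
// No closing "?>": any trailing whitespace after it would be sent as output
// and break header()/session_start() in the including script.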