#11

Signed-off-by: Bruno Meilick <b@bnomei.com>
bnomei · Mar 27, 2019 · 62bb843 · 62bb843
1 parent 49e1f19
commit 62bb843
Show file tree

Hide file tree

Showing 8 changed files with 40 additions and 21 deletions.
diff --git a/classes/SecurityHeaders.php b/classes/SecurityHeaders.php
@@ -8,7 +8,16 @@ class SecurityHeaders
 {
     private static function enabled()
     {
-        return option('bnomei.securityheaders.enabled') && !static::isWebpack() && !static::isLocalhost();
+        $inPanel = static::isPanel() ? option('bnomei.securityheaders.enabled.panel') : true;
+        return option('bnomei.securityheaders.enabled') && $inPanel && !static::isWebpack() && !static::isLocalhost();
+    }
+
+    private static function isPanel()
+    {
+        return strpos(
+            kirby()->request()->url()->toString(),
+            kirby()->urls()->panel
+          ) !== false;
     }
 
     public static function headers($headers)
@@ -55,9 +64,13 @@ private static function isLocalhost()
         return in_array($_SERVER['REMOTE_ADDR'], array( '127.0.0.1', '::1' ));
     }
 
-    public static function apply() {
-        // https://github.com/Martijnc/php-csp
+    public static function apply()
+    {
+        if (!static::enabled()) {
+            return;
+        }
 
+        // https://github.com/Martijnc/php-csp
         $policy = new ContentSecurityPolicyHeaderBuilder();
 
         $csp = option('bnomei.securityheaders.csp', []);

diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
     "name": "bnomei/kirby3-security-headers",
     "type": "kirby-plugin",
-    "version": "1.1.1",
+    "version": "1.1.2",
     "license": "MIT",
     "description": "Kirby 3 Plugin for easier Security Headers setup",
     "authors": [

diff --git a/composer.lock b/composer.lock
diff --git a/index.php b/index.php
@@ -5,6 +5,7 @@
 Kirby::plugin('bnomei/securityheaders', [
     'options' => [
         'enabled' => true,
+        'enabled.panel' => false,
         'route.before' => true,
         'headers' => [
             "X-Powered-By"              => "", // unset
@@ -39,4 +40,4 @@
             return $n;
         }
     ]
-]);
+]);
diff --git a/readme.md b/readme.md
@@ -43,9 +43,14 @@ A `route:before`-hook will take care of setting the headers automatically on all
 
 ## Settings
 
+All settings need to be prefiex with `bnomei.securityheaders.`.
+
 **enabled**
 - default: `true` will set headers
 
+**enabled.panel**
+- default: `false` will not set headers in panel
+
 **route.before**
 - default: `true` will set headers with a `route:before`-hook
 

diff --git a/vendor/autoload.php b/vendor/autoload.php
@@ -4,4 +4,4 @@
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInitbc897b64e5a0d41424eb41dc6a524c9e::getLoader();
+return ComposerAutoloaderInit1218331689125948020e3299cb3f7f63::getLoader();
diff --git a/vendor/composer/autoload_real.php b/vendor/composer/autoload_real.php
@@ -2,7 +2,7 @@
 
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInitbc897b64e5a0d41424eb41dc6a524c9e
+class ComposerAutoloaderInit1218331689125948020e3299cb3f7f63
 {
     private static $loader;
 
@@ -19,15 +19,15 @@ public static function getLoader()
             return self::$loader;
         }
 
-        spl_autoload_register(array('ComposerAutoloaderInitbc897b64e5a0d41424eb41dc6a524c9e', 'loadClassLoader'), true, true);
+        spl_autoload_register(array('ComposerAutoloaderInit1218331689125948020e3299cb3f7f63', 'loadClassLoader'), true, true);
         self::$loader = $loader = new \Composer\Autoload\ClassLoader();
-        spl_autoload_unregister(array('ComposerAutoloaderInitbc897b64e5a0d41424eb41dc6a524c9e', 'loadClassLoader'));
+        spl_autoload_unregister(array('ComposerAutoloaderInit1218331689125948020e3299cb3f7f63', 'loadClassLoader'));
 
         $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
         if ($useStaticLoader) {
             require_once __DIR__ . '/autoload_static.php';
 
-            call_user_func(\Composer\Autoload\ComposerStaticInitbc897b64e5a0d41424eb41dc6a524c9e::getInitializer($loader));
+            call_user_func(\Composer\Autoload\ComposerStaticInit1218331689125948020e3299cb3f7f63::getInitializer($loader));
         } else {
             $map = require __DIR__ . '/autoload_namespaces.php';
             foreach ($map as $namespace => $path) {

diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php
@@ -4,7 +4,7 @@
 
 namespace Composer\Autoload;
 
-class ComposerStaticInitbc897b64e5a0d41424eb41dc6a524c9e
+class ComposerStaticInit1218331689125948020e3299cb3f7f63
 {
     public static $prefixLengthsPsr4 = array (
         'K' => 
@@ -54,10 +54,10 @@ class ComposerStaticInitbc897b64e5a0d41424eb41dc6a524c9e
     public static function getInitializer(ClassLoader $loader)
     {
         return \Closure::bind(function () use ($loader) {
-            $loader->prefixLengthsPsr4 = ComposerStaticInitbc897b64e5a0d41424eb41dc6a524c9e::$prefixLengthsPsr4;
-            $loader->prefixDirsPsr4 = ComposerStaticInitbc897b64e5a0d41424eb41dc6a524c9e::$prefixDirsPsr4;
-            $loader->prefixesPsr0 = ComposerStaticInitbc897b64e5a0d41424eb41dc6a524c9e::$prefixesPsr0;
-            $loader->classMap = ComposerStaticInitbc897b64e5a0d41424eb41dc6a524c9e::$classMap;
+            $loader->prefixLengthsPsr4 = ComposerStaticInit1218331689125948020e3299cb3f7f63::$prefixLengthsPsr4;
+            $loader->prefixDirsPsr4 = ComposerStaticInit1218331689125948020e3299cb3f7f63::$prefixDirsPsr4;
+            $loader->prefixesPsr0 = ComposerStaticInit1218331689125948020e3299cb3f7f63::$prefixesPsr0;
+            $loader->classMap = ComposerStaticInit1218331689125948020e3299cb3f7f63::$classMap;
 
         }, null, ClassLoader::class);
     }