diff --git a/wp-config.php b/wp-config.php
index 6215e7e7e..634a78827 100755
--- a/wp-config.php
+++ b/wp-config.php
@@ -1,82 +1,92 @@ teXm>^t0YX$ @ ku<16q#?5;fc]z1pbR#rH?C#df?NGMK+U>{7Uhmo4,ZVCnBHK' );
-define( 'NONCE_KEY', '61m=t}qTGaa>O2-)dn,@3[7mMnhLFM|(3/uNf^<-fnyFS]$EoeA|J)@Ri%WK{[`?' );
-define( 'AUTH_SALT', 'Mxj 1j5-_3Cnvq`_[l3rENZEH>q8F0b=@%YeevQZ,cjsd~vDnYv#|UgO[ZAfsdRY{fw|qhA0Oy ^`A^_w7' );
-define( 'NONCE_SALT', '*-p4LlLI>2=Zi0Ni?!EU@Ua.btP[W 1t9-P_&P-7^3A)E@9+n*A1[[=ISwa}}+/0' );
+// define('SMTP_username', 'mail@gmail.com'); // username of host like Gmail
+// define('SMTP_password', 'password'); // password for login into the App
+// define('SMTP_server', 'smtp.gmail.com'); // SMTP server address
+// define('SMTP_FROM', 'mail@gmail.com'); // Your Business Email Address
+// define('SMTP_NAME', 'SiteFrom'); // Business From Name
+// define('SMTP_PORT', '587'); // Server Port Number
+// define('SMTP_SECURE', 'tls'); // Encryption - ssl or tls
+// define('SMTP_AUTH', true); // Use SMTP authentication (true|false)
+// define('SMTP_DEBUG', 1); // for debugging purposes only
-// define( 'SMTP_username', 'mail@gmail.com' ); // username of host like Gmail
-// define( 'SMTP_password', 'password' ); // password for login into the App
-// define( 'SMTP_server', 'smtp.gmail.com' ); // SMTP server address
-// define( 'SMTP_FROM', 'mail@gmail.com' ); // Your Business Email Address
-// define( 'SMTP_NAME', 'SiteFrom' ); // Business From Name
-// define( 'SMTP_PORT', '587' ); // Server Port Number
-// define( 'SMTP_SECURE', 'tls' ); // Encryption - ssl or tls
-// define( 'SMTP_AUTH', true ); // Use SMTP authentication (true|false)
-// define( 'SMTP_DEBUG', 1 ); // for debugging purposes only
+define('AUTH_KEY', 'PK2?Bu1fPWFWDJt,RtT0xqPi oSR@jMr$.1ERFgZe|sCTi:;?-TIG n;v^Uhl/rM');
+define('SECURE_AUTH_KEY', 'eAf2wy6Q9O2d0A1EP14~D~mk:AuUyXUhGu~7ds{LI[CzFY9)|%LgFha|lkgRlk)r');
+define('LOGGED_IN_KEY', '>teXm>^t0YX$ @ ku<16q#?5;fc]z1pbR#rH?C#df?NGMK+U>{7Uhmo4,ZVCnBHK');
+define('NONCE_KEY', '61m=t}qTGaa>O2-)dn,@3[7mMnhLFM|(3/uNf^<-fnyFS]$EoeA|J)@Ri%WK{[`?');
+define('AUTH_SALT', 'Mxj 1j5-_3Cnvq`_[l3rENZEH>q8F0b=@%YeevQZ,cjsd~vDnYv#|UgO[ZAfsdRY{fw|qhA0Oy ^`A^_w7');
+define('NONCE_SALT', '*-p4LlLI>2=Zi0Ni?!EU@Ua.btP[W 1t9-P_&P-7^3A)E@9+n*A1[[=ISwa}}+/0');
-if ( !defined( 'ABSPATH' ) ) {
- define( 'ABSPATH', dirname(__FILE__) . '/' );
+if (!defined('ABSPATH')) {
+ define('ABSPATH', dirname(__FILE__) . '/');
 }
 require_once(ABSPATH . 'wp-settings.php');
diff --git a/wp-content/plugins/http-headers/README.txt b/wp-content/plugins/http-headers/README.txt
new file mode 100644
index 000000000..90581a99c
--- /dev/null
+++ b/wp-content/plugins/http-headers/README.txt
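Review bot: The added `define('AUTH_KEY', …)` through `define('NONCE_SALT', …)` lines in wp-config.php keep the WordPress authentication keys and salts as literals in a tracked file, and the `NONCE_KEY`, `AUTH_SALT` and `NONCE_SALT` values are identical on the removed and added sides, so this reformat carries the existing secrets forward instead of replacing them. If these are the values the live site uses, anyone with read access to the repository or its history holds the material that signs login cookies and nonces, so they should be treated as exposed: generate fresh values on the server and load them from outside version control, for example `define('AUTH_KEY', getenv('WP_AUTH_KEY'));` (placeholder variable name) or a `require` of an untracked secrets file. The start of this hunk is garbled in the view, so the database settings and any keys above the visible lines could not be checked and deserve the same treatment.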
@@ -0,0 +1,421 @@
+=== HTTP Headers ===
+Contributors: zinoui
+Donate link: https://paypal.me/Dimitar81
+Tags: custom headers, http headers, headers, security, http header, header, cross domain, cors, xss, clickjacking, mitm, cross origin, cross site, privacy, p3p, hsts, referrer, csp, caching, compression, access control, authentication
+Requires at least: 3.2
+Tested up to: 6.3.1
+Requires PHP: 5.3
+Stable tag: 1.19.1
+License: GPLv2 or later
+License URI: https://www.gnu.org/licenses/gpl-2.0.html
+
+HTTP Headers adds CORS & security HTTP headers to your website.
+
+== Description ==
+
+HTTP Headers gives your control over the http headers returned by your blog or website.
+
+Headers supported by HTTP Headers includes:
+
+- Access-Control-Allow-Origin
+- Access-Control-Allow-Credentials
+- Access-Control-Max-Age
+- Access-Control-Allow-Methods
+- Access-Control-Allow-Headers
+- Access-Control-Expose-Headers
+- Age
+- Content-Security-Policy
+- Content-Security-Policy-Report-Only
+- Cache-Control
+- Clear-Site-Data
+- Connection
+- Content-Encoding
+- Content-Type
+- Cross-Origin-Embedder-Policy
+- Cross-Origin-Opener-Policy
+- Cross-Origin-Resource-Policy
+- Expect-CT
+- Expires
+- Feature-Policy
+- NEL
+- Permissions-Policy
+- Pragma
+- P3P
+- Referrer-Policy
+- Report-To
+- Strict-Transport-Security
+- Timing-Allow-Origin
+- Vary
+- WWW-Authenticate
+- X-Content-Type-Options
+- X-DNS-Prefetch-Control
+- X-Download-Options
+- X-Frame-Options
+- X-Permitted-Cross-Domain-Policies
+- X-Powered-By
+- X-Robots-Tag
+- X-UA-Compatible
+- X-XSS-Protection
+
+== Installation ==
+
+Upload the HTTP Headers plugin to your blog. Then activate it.
+
+That's all.
+
+== Frequently Asked Questions ==
+
+= Why to use this plugin? =
+
+Nowadays security of your social data at the web is essential. This plugin helps you to improve your website overall security.
+
+= Who use these headers? =
+
+These HTTP headers are being used in production services by popular websites as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, Pinterest.
+
+== Screenshots ==
+
+1. This screenshot shows up the dashboard with categories of the supported headers.
+2. This screenshot shows up the headers of a chosen category and their current values.
+3. This screenshot shows up the settings page where you can adjust the security headers.
+4. This screenshot shows up the response headers returned by the web server.
+
+== Upgrade Notice ==
+
+Updates are on they way, so stay tuned at [@DimitarIvanov](https://twitter.com/DimitarIvanov)
+
+== Changelog ==
+
+= 1.19.1 =
+*Release Date - 2nd September, 2023*
+
+* Added "clientHints" directive to "Clear-Site-Data" header
+* Added "credentialless" directive to "Cross-Origin-Embedder-Policy" header
+
+= 1.19.0 =
+*Release Date - 7th July, 2023*
+
+* Fixed: SSRF vulnerability by an Admin user
+* Fixed: XSS vulnerability by an Admin user
+
+= 1.18.11 =
+*Release Date - 11th June, 2023*
+
+* Fixed: Remote Code Execution by an Admin user
+
+= 1.18.10 =
+*Release Date - 28th May, 2023*
+
+* Fixed: Remote Code Execution by an Admin user
+* Removed: Import/Export functions
+
+= 1.18.9 =
+*Release Date - 23rd April, 2023*
+
+* Fixed: Remote Code Execution by an Admin user
+
+= 1.18.8 =
+*Release Date - 17th April, 2023*
+
+* Fixed: SQL Injection by an Admin user
+* Fixed: Remote Code Execution by an Admin user
+* Few PHP 8.x compatible fixes
+
+= 1.18.7 =
+*Release Date - 24th January, 2023*
+
+* Fix CSP default value
+
+= 1.18.6 =
+*Release Date - 22nd January, 2023*
+
+* PHP 8 compatibility changes
+
+= 1.18.5 =
+*Release Date - 30th April, 2021*
+
+* Configurable paths to files who store passwords for basic/digest auth
+* Fixed issue with plugin activation, due missing file
+
+= 1.18.4 =
+*Release Date - 30th April, 2021*
+
+* Initial value of X-Robots-Tag fixed
+
+= 1.18.3 =
+*Release Date - 30th April, 2021*
+
+* Added "X-Robots-Tag" header
+* Added "interest-cohort", "layout-animations", "legacy-image-formats", "oversized-images", and "wake-lock" directive to "Permissions-Policy" header
+* Added "cross-origin" value to "Cross-Origin-Resource-Policy" header
+* Added "navigate-to" and "prefetch-src" directives to "Content-Security-Policy" header
+
+= 1.18.2 =
+*Release Date - 24th April, 2021*
+
+* Configurable paths to .htaccess and .user.ini files
+
+= 1.18.1 =
+*Release Date - 29th October, 2020*
+
+* Added "allow-downloads" and "allow-top-navigation-by-user-activation" to "sandbox" directive, part of CSP
+
+= 1.18.0 =
+*Release Date - 20th September, 2020*
+
+* Added "Permissions-Policy" header
+* Fixed "Cookie Security"
+
+= 1.17.0 =
+*Release Date - 26th July, 2020*
+
+* Added "Cross-Origin-Embedder-Policy" header
+* Added "Cross-Origin-Opener-Policy" header
+
+= 1.16.1 =
+*Release Date - 23rd July, 2020*
+
+* Fixed JS/CSS versioning
+
+= 1.16.0 =
+*Release Date - 23rd July, 2020*
+
+* Added the "NEL" header
+* Fixed the "Report-To" header
+
+= 1.15.2 =
+*Release Date - 18th June, 2020*
+
+* Fixed a PHP Notice at "Expires" page
+* Fixed comments in .user.ini file
+
+= 1.15.1 =
+*Release Date - 9th May, 2020*
+
+* Fixed the "Access-Control-Allow-Origin" header
+
+= 1.15.0 =
+*Release Date - 26th January, 2020*
+
+* Added the "Cross-Origin-Resource-Policy" header
+* Removed the "Public-Key-Pins" header
+
+= 1.14.2 =
+*Release Date - 25th November, 2019*
+
+* CORS headers updated (added "Vary: Origin")
+
+= 1.14.1 =
+*Release Date - 15th September, 2019*
+
+* Simple filtering was replaced with Dynamic filtering
+
+= 1.14.0 =
+*Release Date - 1st September, 2019*
+
+* Added the "Content-Type" header
+* Fixed the "Access-Control-Allow-Credentials" header
+* Improvement to "Access-Control-Allow-Headers" header
+* Improvement to "Access-Control-Allow-Methods" header
+* Improvement to "Access-Control-Expose-Headers" header
+* Improvement to "Cache-Control" header
+* Improvement to "Vary" header
+
+= 1.13.4 =
+*Release Date - 14th July, 2019*
+
+* Added the "always" condition to Header (unset) directive
+* Fixed the "import" function
+* Fixed the "Access-Control-Allow-Origin" header
+
+= 1.13.3 =
+*Release Date - 16th June, 2019*
+
+* Bugfix in "WWW-Authenticate" header
+* Added support of Apache 2.4
+
+= 1.13.2 =
+*Release Date - 13th June, 2019*
+
+* Bugfix in "Content-Encoding" header
+* Bugfix in "Vary" header
+
+= 1.13.1 =
+*Release Date - 8th June, 2019*
+
+* Added Brotli compression
+
+= 1.13.0 =
+*Release Date - 7th June, 2019*
+
+* Added "SameSite" to Cookie Security
+* Fixed import/export function
+* Code refactoring
+
+= 1.12.2 =
+*Release Date - 5th April, 2019*
+
+* UI improvement for Content-Security-Policy
+* Fix for Access-Control-Allow-Headers
+* Fix for Access-Control-Allow-Origin
+* Fix for Feature-Policy
+
+= 1.12.1 =
+*Release Date - 9th January, 2019*
+
+* Remove direct calls to cURL
+
+= 1.12.0 =
+*Release Date - 5th January, 2019*
+
+* Better handling of activate/deactivate functions
+
+= 1.11.0 =
+*Release Date - 9th December, 2018*
+
+* Added support of "Clear-Site-Data" header
+
+= 1.10.5 =
+*Release Date - 6th November, 2018*
+
+* Hotfix: parallel work with third-party plugins
+
+= 1.10.4 =
+*Release Date - 30th September, 2018*
+
+* Support of following Server APIs: CGI, FastCGI, PHP-FPM
+* Error handling improvement
+
+= 1.10.3 =
+*Release Date - 8th August, 2018*
+
+* HSTS improvement
+* CORS improvement
+
+= 1.10.2 =
+*Release Date - 31st July, 2018*
+
+* Export feature bug-fixed
+
+= 1.10.1 =
+*Release Date - 18th July, 2018*
+
+* Feature-Policy header update: new features added
+
+= 1.10.0 =
+*Release Date - 17th July, 2018*
+
+* Added support of "Feature-Policy" header
+
+= 1.9.5 =
+*Release Date - 12th July, 2018*
+
+* CORS bugfix
+
+= 1.9.4 =
+*Release Date - 13th January, 2018*
+
+* In-plugin security improvement
+
+= 1.9.3 =
+*Release Date - 10th January, 2018*
+
+* Bug fix
+
+= 1.9.2 =
+*Release Date - 4th January, 2018*
+
+* Security improvements
+
+= 1.9.1 =
+*Release Date - 27th December, 2017*
+
+* Updated translations
+
+= 1.9.0 =
+*Release Date - 23th December, 2017*
+
+* Added support of "Report-To" header
+* Added support of translations
+* Added support of Import/Export
+* Updated "Content-Security-Policy" header (added directives: object-src, frame-src, worker-src, manifest-src, base-uri, report-to)
+* Updated "WWW-Authenticate" header (support multiple users)
+* Updated "Access-Control" headers (added list of origins)
+
+= 1.8.0 =
+*Release Date - 31st August, 2017*
+
+* Added support of "Timing-Allow-Origin" header
+* Added support of "X-Download-Options" header
+* Added support of "X-DNS-Prefetch-Control" header
+* Added support of "X-Permitted-Cross-Domain-Policies" header
+* Added support of Custom headers
+
+= 1.7.1 =
+*Release Date - 18th August, 2017*
+
+* PHP notice bugfixed
+
+= 1.7.0 =
+*Release Date - 15th August, 2017*
+
+* Added support of "Content-Security-Policy-Report-Only" header
+* Added support of "Public-Key-Pins-Report-Only" header
+* Added "1; report=" directive to the "X-XSS-Protection" header
+* Added "Inspect headers" tool
+* UI bugfixes
+
+= 1.6.0 =
+*Release Date - 5th August, 2017*
+
+* Added support of "Expect-CT" header
+
+= 1.5.0 =
+*Release Date - 30th July, 2017*
+
+* Added support of "Age" header
+* Added support of "Cache-Control" header
+* Added support of "Connection" header
+* Added support of "Content-Encoding" header
+* Added support of "Expires" header
+* Added support of "Pragma" header
+* Added support of "Vary" header
+* Added support of "WWW-Authenticate" header
+* Added support of "X-Powered-By" header
+* Added support of "Secure" and "HttpOnly" cookies
+
+= 1.4.0 =
+*Release Date - 5th July, 2017*
+
+* Added support of Apache (via htaccess) inclusion method
+
+= 1.3.0 =
+*Release Date - 3rd June, 2017*
+
+* Added support of Content-Security-Policy header
+* Added dashboard
+
+= 1.2.0 =
+*Release Date - 28th April, 2017*
+
+* Added support of Referrer-Policy header
+
+= 1.1.2 =
+*Release Date - 13th February, 2017*
+
+* Added support of 'preload' directive to HSTS header
+
+= 1.1.1 =
+*Release Date - 8th November, 2016*
+
+* Fixed typo in the X-Frame-Options header
+
+= 1.1.0 =
+*Release Date - 20th May, 2016*
+
+* Added support of P3P header
+
+= 1.0.0 =
+*Release Date - 10th May, 2016*
+
+* Initial version
diff --git a/wp-content/plugins/http-headers/assets/scripts.js b/wp-content/plugins/http-headers/assets/scripts.js
new file mode 100644
index 000000000..43a998895
--- /dev/null
+++ b/wp-content/plugins/http-headers/assets/scripts.js
@@ -0,0 +1,318 @@
+(function ($, undefined) {
+ $(function() {
+ "use strict";
+
+ $(document).on('change', 'select[name="hh_x_frame_options_value"]', function () {
+ var $el = $('input[name="hh_x_frame_options_domain"]'),
+ readOnly = $(this).find('option:selected').val() != 'allow-from';
+ if ($el.length) {
+ $el.prop('readOnly', readOnly).toggle(!readOnly);
+ }
+ }).on('change', 'select[name="hh_x_xxs_protection_value"]', function (e) {
+ var $el = $('input[name="hh_x_xxs_protection_uri"]'),
+ readOnly = $(this).find('option:selected').val() != '1; report=';
+ if ($el.length) {
+ $el.prop('readOnly', readOnly).toggle(!readOnly);
+ }
+ }).on('change', 'select[name="hh_x_powered_by_option"]', function () {
+ var $el = $('input[name="hh_x_powered_by_value"]'),
+ readOnly = $(this).find('option:selected').val() != 'set';
+ if ($el.length) {
+ $el.prop('readOnly', readOnly).toggle(!readOnly);
+ }
+ }).on("change", "input[name^='hh_vary_value[']", function () {
+
+ if (this.name === "hh_vary_value[*]") {
+ if (this.checked) {
+ $("input[name^='hh_vary_value[']").not(this).prop("checked", false);
+ }
+ } else {
+ if (this.checked) {
+ $("input[name='hh_vary_value[*]']").prop("checked", false);
+ }
+ }
+
+ }).on("change", "input[name^='hh_access_control_allow_methods_value[']", function () {
+
+ if (this.name === "hh_access_control_allow_methods_value[*]") {
+ if (this.checked) {
+ $("input[name^='hh_access_control_allow_methods_value[']").not(this).prop("checked", false);
+ }
+ } else {
+ if (this.checked) {
+ $("input[name='hh_access_control_allow_methods_value[*]']").prop("checked", false);
+ }
+ }
+
+ }).on('change', 'select[name="hh_access_control_allow_origin_value"]', function () {
+ var $el = $('input[name="hh_access_control_allow_origin_url"]'),
+ readOnly = $(this).find('option:selected').val() != 'origin';
+ if ($el.length) {
+ $el.prop('readOnly', readOnly);//.toggle(!readOnly);
+ }
+ if (readOnly) {
+ $(".hh-acao").addClass("hh-hidden");
+ } else {
+ $(".hh-acao").removeClass("hh-hidden");
+ }
+ }).on('change', 'select[name="hh_timing_allow_origin_value"]', function () {
+ var $el = $('input[name="hh_timing_allow_origin_url"]'),
+ readOnly = $(this).find('option:selected').val() != 'origin';
+ if ($el.length) {
+ $el.prop('readOnly', readOnly).toggle(!readOnly);
+ }
+ }).on('change', '.http-header', function () {
+ var $this = $(this),
+ $el = $this.closest('table').find('.http-header-value');
+
+ if (!$el.length) {
+ return;
+ }
+
+ if (Number($this.val()) === 1) {
+ $el.prop('readOnly', false).removeAttr('readonly').removeClass('readonly');
+ } else {
+ $el.prop('readOnly', true).addClass('readonly');
+ }
+ }).on('change', 'input[name="hh_x_frame_options"]', function () {
+ $('select[name="hh_x_frame_options_value"]').trigger('change');
+ }).on('change', 'input[name="hh_x_powered_by"]', function () {
+ $('select[name="hh_x_powered_by_option"]').trigger('change');
+ }).on('change', 'input[name="hh_access_control_allow_origin"]', function () {
+ $('select[name="hh_access_control_allow_origin_value"]').trigger('change');
+ }).on('change', 'input[name="hh_timing_allow_origin"]', function () {
+ $('select[name="hh_timing_allow_origin_value"]').trigger('change');
+ }).on('submit', '#frmIspect', function (e) {
+ e.preventDefault();
+ var $this = $(this),
+ $box = $('#hh-result').empty();
+ $.post($this.attr('action'), $this.serialize()).done(function (data) {
+ $box.html(data);
+ });
+ return false;
+ }).on('change', '#authentication', function () {
+ var $a = $('#box-authentication');
+ if (this.checked) {
+ $a.show();
+ } else {
+ $a.hide();
+ }
+ }).on('click', '#hh-btn-add-header', function () {
+ $(this).closest('tr').before(' \
+ \
+ \
+ \
+ ');
+ }).on('click', '.hh-btn-add-endpoint', function () {
+
+ var $tr = $(this).closest("tr");
+
+ $tr.children("td").each(function() {
+ if ($(this).attr("rowspan") !== undefined) {
+ this.rowSpan = this.rowSpan + 1;
+ }
+ });
+
+ var name,
+ $clone = $tr.clone().removeClass("hh-tr-first hh-tr-group-start"),
+ $this = $(this),
+ index = Math.ceil(Math.random() * 9999);
+
+ if ($tr.hasClass("hh-tr-group-end")) {
+ name = $tr.find("input[name$='[url]']").attr("name");
+ } else {
+ name = $tr.nextAll(".hh-tr-group-end:eq(0)").find("input[name$='[url]']").attr("name");
+ }
+
+ var m = name.match(/\[(\d+)\]\[url\]$/),
+ index = Number(m[1]) + 1;
+
+ $clone.find("td").each(function() {
+ if ($(this).attr("rowspan") !== undefined) {
+ $(this).remove();
+ }
+ });
+
+ $clone.find('input[type="text"]').val("");
+ $clone.find('input[type="number"]').val("");
+ $clone.find("td:last").html('');
+ $clone.find(":input").each(function () {
+ this.name = this.name.replace('[endpoints][0]', '[endpoints][' + index + ']');
+ });
+
+ $clone.addClass("hh-tr-group-end");
+ if ($tr.hasClass("hh-tr-group-end")) {
+ $tr.removeClass("hh-tr-group-end");
+ $tr.after($clone);
+ } else {
+ $tr.nextAll(".hh-tr-group-end:eq(0)").removeClass("hh-tr-group-end").after($clone);
+ }
+
+ }).on('click', '#hh-btn-add-endpoint-group', function () {
+ var $this = $(this),
+ index = Math.ceil(Math.random() * 9999),
+ $table = $this.closest("table"),
+ $clone = $table.find("tr.hh-tr-first").eq(0).clone(),
+ name = $table.find("tr:nth-last-child(2)").find(":input:first").attr("name"),
+ m = name.match(/^hh_report_to_value\[(\d+)\]/),
+ index = Number(m[1]) + 1;
+
+ $clone.find("td").each(function() {
+ if ($(this).attr("rowspan") !== undefined) {
+ this.rowSpan = 1;
+ }
+ });
+
+ $clone.find('input[type="text"]').val("");
+ $clone.find('input[type="number"]').val("");
+ $clone.find('input[type="checkbox"]').prop("checked", false);
+ $clone.find("option:first").prop("selected", true);
+ $clone.find("td:last").html('');
+ $clone.find(":input").each(function () {
+ this.name = this.name.replace('[0]', '[' + index + ']');
+ });
+ $clone.addClass("hh-tr-group-end").removeClass("hh-tr-first");
+
+ $this.closest('tr').before($clone);
+ }).on('click', '.hh-btn-delete-header, .hh-btn-delete-origin, .hh-btn-delete-user, .hh-btn-delete-ac', function () {
+
+ $(this).closest('tr').remove();
+
+ }).on('click', '.hh-btn-delete-endpoint', function() {
+
+ var $group,
+ $tr = $(this).closest("tr");
+
+ if ($tr.prev("tr").hasClass("hh-tr-group-start")) {
+ $group = $tr.prev("tr");
+ } else {
+ $group = $tr.prevUntil("tr.hh-tr-group-start").prev("tr");
+ }
+
+ $group.children("td").each(function() {
+ if (this.rowSpan > 1) {
+ this.rowSpan = this.rowSpan - 1;
+ }
+ });
+
+ if ($tr.hasClass("hh-tr-group-end")) {
+ $tr.prev("tr").addClass("hh-tr-group-end");
+ }
+
+ $tr.remove();
+
+ }).on('click', '.hh-btn-delete-endpoint-group', function () {
+ var rows = $(this).closest("td").attr("rowspan");
+ if (rows === undefined || rows < 2) {
+ $(this).closest('tr').remove();
+ } else {
+ $(this).closest('tr').nextAll("tr").addBack().slice(0, rows).remove();
+ }
+ }).on("click", ".hh-btn-add-ac", function () {
+ var $this = $(this);
+ $this.closest('tr').before(' \
+ \
+ \
+ ');
+ }).on("click", ".hh-btn-add-origin", function () {
+ $(this).closest('tr').before(' \
+   \
+ \
+ \
+ ');
+ }).on("click", ".hh-btn-add-user", function () {
+ $(this).closest('tr').before(' \
+   \
+ \
+ \
+ \
+ ');
+ }).on("click", ".hh-btn-import-choose", function () {
+ $("#hh-import-file").trigger("click");
+ }).on("change", "#hh-import-file", function () {
+ $("#hh-import-name").html(this.files[0].name);
+ }).on("change", 'select[name^="hh_feature_policy_value"]', function () {
+ var $this = $(this),
+ value = $this.find("option:selected").val(),
+ $input = $this.siblings('input[name^="hh_feature_policy_origin"]');
+ if (value === "'self'" || value === "origin(s)") {
+ $input.show();
+ } else {
+ $input.hide();
+ }
+ }).on("change", 'select[name^="hh_permissions_policy_value"]', function () {
+ var $this = $(this),
+ value = $this.find("option:selected").val(),
+ $input = $this.siblings('input[name^="hh_permissions_policy_origin"]');
+ if (value === "self" || value === "origin(s)") {
+ $input.show();
+ } else {
+ $input.hide();
+ }
+ }).on("change", 'input[name^="hh_content_security_policy_value"]', function () {
+
+ var $this = $(this);
+
+ if (this.checked) {
+ if (/\[\*\]$/.test(this.name)) {
+ $this.closest("td").find('input[type="checkbox"]').not(this).prop("checked", false);
+ $this.closest("p").siblings("p").hide();
+ } else {
+ $this.closest("td").find('input[type="checkbox"][name$="[*]"]').prop("checked", false);
+ }
+ } else {
+ if (/\[\*\]$/.test(this.name)) {
+ $this.closest("p").siblings("p").show();
+ }
+ }
+ }).on("change", 'input[type="checkbox"][name="hh_cookie_security_value[SameSite]"]', function () {
+ if (this.checked) {
+ $(".hh-csv-value")
+ .removeClass("hh-hidden")
+ .find('input[type="radio"]')
+ .prop("disabled", false)
+ .filter(":first")
+ .prop("checked", true);
+ } else {
+ $(".hh-csv-value")
+ .addClass("hh-hidden")
+ .find('input[type="radio"]')
+ .prop("disabled", true);
+ }
+ });
+
+ $('.hh-tabs').on('click', 'ul a', function (e) {
+ e.preventDefault();
+
+ var $this = $(this);
+ $($this.attr('href'))
+ .removeClass('hh-hidden').addClass('hh-tab-active').attr('aria-hidden', 'false').attr('aria-expanded', 'true')
+ .siblings('div').addClass('hh-hidden').removeClass('hh-tab-active').attr('aria-hidden', 'true').attr('aria-expanded', 'false');
+ $this.closest('li')
+ .addClass('hh-active').attr('aria-selected', 'true').attr('tabindex', 0)
+ .siblings('li').removeClass('hh-active').attr('aria-selected', 'false').attr('tabindex', -1);
+ }).each(function () {
+ var $this = $(this),
+ $ul = $this.children('ul').attr('role', 'tablist'),
+ $li = $ul.children('li').attr('role', 'tab')
+ .not(':first').attr('aria-selected', 'false').attr('tabindex', -1)
+ .end().eq(0).attr('aria-selected', 'true').attr('tabindex', 0)
+ .end(),
+ $a = $li.find('a').attr('role', 'presentation').attr('tabindex', -1),
+ $div = $this.children('div').attr('role', 'tabpanel')
+ .not(':first').attr('aria-hidden', 'true').attr('aria-expanded', 'false')
+ .end().eq(0).attr('aria-hidden', 'false').attr('aria-expanded', 'true')
+ .end();
+
+ $li.each(function (i) {
+ var $this = $(this),
+ id = 'hh-tabs-' + Math.ceil(Math.random() * 999999) + '-' + i,
+ $a = $this.attr('aria-labelledby', id).find('a').attr('id', id),
+ href = $a.attr('href');
+ $this.attr('aria-controls', href.substring(1)).attr('aria-labelledby', id);
+ $(href).attr('aria-labelledby', id);
+ });
+
+ });
+ });
+})(jQuery);
\ No newline at end of file
diff --git a/wp-content/plugins/http-headers/assets/styles.css b/wp-content/plugins/http-headers/assets/styles.css
new file mode 100644
index 000000000..ac25d1c76
--- /dev/null
+++ b/wp-content/plugins/http-headers/assets/styles.css
@@ -0,0 +1,357 @@
+select.readonly,
+select[readonly] {
+ background-color: #eee;
+}
+.hh-table > tbody > tr > th,
+.hh-table > tbody > tr > td,
+.hh-table td{
+ vertical-align: top;
+}
+.hh-table tbody td.hh-td-inner{
+ padding: 0;
+}
+.hh-table > tbody > tr > th{
+ width: 35%;
+}
+.hh-table > tbody > tr > td:nth-child(2){
+ width: 10%;
+}
+.hh-table > tbody > tr > th .description{
+ font-weight: normal;
+}
+.hh-table .hh-center{
+ text-align: center;
+}
+.hh-table .hh-middle{
+ vertical-align: middle;
+}
+.hh-table .hh-p-sm td,
+.hh-table .hh-p-sm th{
+ padding: 8px 5px;
+}
+.hh-bordered{
+ border-collapse: collapse;
+}
+.hh-bordered th,
+.hh-bordered td{
+ border: dashed 1px #999;
+}
+.hh-panel{
+ background-color: #fff;
+ padding: .7em 2em 1em;
+ -webkit-box-shadow: 0 1px 1px rgba(0,0,0,.04);
+ -moz-box-shadow: 0 1px 1px rgba(0,0,0,.04);
+ box-shadow: 0 1px 1px rgba(0,0,0,.04);
+ border: 1px solid #e5e5e5;
+ margin: 20px 0 0;
+}
+
+.hh-index-table{
+ border-collapse: separate;
+ border-spacing: 0;
+ width: 100%;
+}
+.hh-index-table tbody{
+ border-left: solid 1px rgba(0,0,0,.1);
+ border-right: solid 1px rgba(0,0,0,.1);
+}
+.hh-index-table th{
+ background-color: #fff;
+ font-weight: normal;
+ padding: 8px 10px;
+ text-align: left;
+}
+.hh-index-table td{
+ background-color: #fff;
+ color: gray;
+ padding: 8px 10px;
+}
+.hh-index-table td:first-child{
+ border-left: 4px solid #fff;
+}
+.hh-index-table .active td{
+ background-color: #f7fcfe;
+ color: green;
+}
+.hh-index-table .active td:first-child{
+ border-left: 4px solid #00a0d2;
+}
+.hh-index-table td{
+ box-shadow: 0 -1px 0 rgba(0,0,0,.1);
+}
+.hh-index-table .hh-status{
+ text-align: center;
+}
+.hh-index-table .hh-status span{
+ display: inline-block;
+ border-radius: 3px;
+ padding: 2px 5px;
+}
+.hh-index-table .hh-status-on span{
+ background-color: green;
+ color: #fff;
+}
+.hh-index-table .hh-status-off span{
+ background-color: #aaa;
+ color: #fff;
+}
+.hh-notice{
+ background-color: #FFFFCC;
+ margin: 20px 0;
+ padding: 8px 10px;
+}
+.hh-breadcrumbs{
+
+}
+.hh-breadcrumbs li{
+ display: inline-block;
+}
+.hh-breadcrumbs li:not(:last-child):after {
+ content: "\00A0\00BB\00A0";
+ display: inline-block;
+}
+.hh-breadcrumbs li a{
+
+}
+.hh-highlight{
+ background-color: #333;
+ color: #fff;
+ font-weight: 400;
+ padding: 3px 7px;
+}
+.hh-results{
+ border-collapse: collapse;
+ width: 100%;
+}
+.hh-results thead th,
+.hh-results tbody td{
+ border-top: solid 1px #e0e0e0;
+ padding: 5px 5px 5px 0;
+ text-align: left;
+}
+.hh-results thead th{
+ border: none;
+}
+.hh-results tbody tr td:first-child{
+ white-space: nowrap;
+}
+.hh-results tbody tr.hh-found td{
+ background-color: #f7fcfe;
+}
+.hh-results tbody tr.hh-found td:first-child{
+ color: green;
+}
+.form-field .form-label{
+ font-weight: bold;
+}
+.form-field .form-lbl{
+ display: inline-block;
+ margin: 0 10px 0 0;
+}
+.form-row .form-col-6{
+ float: left;
+ width: 50%;
+}
+.form-row:after{
+ clear: left;
+ content: '';
+ display: table;
+ zoom: 1;
+}
+.hh-tabs > ul{
+ margin-bottom: -1px;
+}
+.hh-tabs > ul:after{
+ content: '';
+ display: table;
+ clear: left;
+ zoom: 1;
+}
+.hh-tabs > ul > li{
+ background-color: #fff;
+ border: solid 1px #ccc;
+ border-bottom: none;
+ display: inline-block;
+ float: left;
+ margin: 0 5px 0 0;
+ padding: 0;
+}
+.hh-tabs > ul > li a{
+ color: #222;
+ display: inline-block;
+ padding: 5px 10px;
+ text-decoration: none;
+}
+.hh-tabs > ul > li.hh-active{
+ border: solid 1px #222;
+ border-bottom-color: #fff;
+}
+.hh-tabs .hh-tab-active{
+ background-color: #fff;
+ border: solid 1px #222;
+ padding: 20px;
+}
+.hh-textarea-manual{
+ width: 100%;
+}
+.hh-hidden{
+ display: none;
+}
+.hh-wrapper{
+
+}
+.hh-sidebar{
+ float: right;
+ width: 20%;
+}
+.hh-sidebar-inner{
+ background-color: #fff;
+ border: solid 1px #92D295;
+ padding: 15px;
+}
+.hh-sidebar-inner h3{
+ margin: 0;
+}
+.hh-categories{
+ float: left;
+ width: 80%;
+}
+.hh-categories *{
+ -webkit-box-sizing: border-box;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+}
+.hh-wrapper:after,
+.hh-categories:after{
+ content: '';
+ clear: both;
+ display: table;
+ zoom: 1;
+}
+a.hh-category{
+ background-color: #fff;
+ border: solid 1px #92D295;
+ display: inline-block;
+ float: left;
+ font-size: 16px;
+ height: 168px;
+ margin: 0 3% 3% 0;
+ position: relative;
+ text-align: center;
+ text-decoration: none;
+ text-transform: uppercase;
+ width: 30%;
+}
+
+a.hh-category i {
+ background-color: #92D295;
+ display: inline-block;
+ height: 48px;
+ margin: 35px 0 0;
+ text-align: center;
+ width: 48px;
+ -webkit-transform: rotate(20deg);
+ -moz-transform: rotate(20deg);
+ -ms-transform: rotate(20deg);
+ -o-transform: rotate(20deg);
+}
+a.hh-category i:after {
+ background-color: #92D295;
+ content: "";
+ display: inline-block;
+ height: 48px;
+ width: 48px;
+ -webkit-transform: rotate(135deg);
+ -moz-transform: rotate(135deg);
+ -ms-transform: rotate(135deg);
+ -o-transform: rotate(135deg);
+}
+
+a.hh-category span{
+ display: block;
+ color: #fff;
+ font-size: 24px;
+ font-weight: 600;
+ text-transform: uppercase;
+ left: 0;
+ position: absolute;
+ top: 48px;
+ width: 100%;
+}
+
+a.hh-category strong{
+ display: block;
+ font-weight: normal;
+ margin: 20px 0 0;
+}
+
+a.hh-category:hover{
+ box-shadow: 0 0 3px #6EC271;
+}
+a.hh-category:hover i{
+ -webkit-transform: rotate(160deg);
+ -moz-transform: rotate(160deg);
+ -ms-transform: rotate(160deg);
+ -o-transform: rotate(160deg);
+
+ -webkit-transition: -webkit-transform 0.5s ease-out;
+ -moz-transition: -moz-transform 0.5s ease-out;
+ -o-transition: -o-transform 0.5s ease-out;
+ transition: transform 0.5s ease-out;
+}
+.hh-p{
+ margin: 0.5em 0;
+}
+.hh-csv-value {
+ padding-left: 25px;
+}
+@media (min-width: 1280px) {
+ a.hh-category{
+ max-width: 260px;
+ }
+}
+@media (max-width: 960px) {
+ a.hh-category{
+ margin: 0 5% 20px;
+ width: 40%;
+ }
+ .hh-categories{
+ width: 70%;
+}
+ .hh-sidebar{
+ width: 30%;
+ }
+}
+@media (max-width: 768px) {
+ .hh-categories{
+ width: 65%;
+ }
+ .hh-sidebar{
+ width: 35%;
+ }
+}
+@media (max-width: 640px) {
+ a.hh-category{
+ float: none;
+ margin: 0 0 20px;
+ width: 100%;
+ }
+ .hh-categories{
+ width: 55%;
+ }
+ .hh-sidebar{
+ width: 40%;
+ }
+}
+@media (max-width: 468px) {
+ a.hh-category{
+ max-width: 260px;
+ }
+ .hh-categories,
+ .hh-sidebar{
+ float: none;
+ margin: 0 auto;
+ max-width: 250px;
+ width: 100%;
+ }
+}
\ No newline at end of file
diff --git a/wp-content/plugins/http-headers/http-headers.php b/wp-content/plugins/http-headers/http-headers.php
new file mode 100644
index 000000000..e2bed550b
--- /dev/null
+++ b/wp-content/plugins/http-headers/http-headers.php
@@ -0,0 +1,1621 @@
+.
+
+Copyright (c) 2017-2023 Dimitar Ivanov
+*/
+
+if (!defined('ABSPATH')) {
+ exit;
+}
+
+$options = include dirname(__FILE__) . '/views/includes/options.inc.php';
+foreach ($options as $option) {
+ if (get_option($option[0]) === false) {
+ add_option($option[0], $option[1], null, 'yes');
+ }
+}
+
+function build_csp_value($value, $escape=false) {
+ if (!is_array($value))
+ {
+ return NULL;
+ }
+ $csp = array();
+ foreach ($value as $key => $val)
+ {
+ if (is_array($val))
+ {
+ $source = NULL;
+ if (isset($val['source']))
+ {
+ $source = $val['source'];
+ unset($val['source']);
+ }
+ if (!empty($val))
+ {
+ $val = join(" ", array_keys($val));
+ if ($source)
+ {
+ $val .= " " . $source;
+ }
+ $csp[] = sprintf("%s %s", $key, $escape ? esc_html($val) : $val);
+ } elseif ($source) {
+ $csp[] = sprintf("%s %s", $key, $escape ? esc_html($source) : $source);
+ }
+ } else {
+ if (in_array($key, array('block-all-mixed-content', 'upgrade-insecure-requests')))
+ {
+ $csp[] = $key;
+ }
+ if (in_array($key, array('plugin-types', 'report-to')) && !empty($val))
+ {
+ $csp[] = sprintf("%s %s", $key, $escape ? esc_html($val) : $val);
+ }
+ }
+ }
+
+ if (!$csp)
+ {
+ return NULL;
+ }
+
+ return join('; ', $csp);
+}
+
+function get_htaccess_filename() {
+ return get_option('hh_htaccess_path');
+}
+
+function get_user_ini_filename() {
+ return get_option('hh_user_ini_path');
+}
+
+function get_htpasswd_filename() {
+ return get_option('hh_htpasswd_path');
+}
+
+function get_htdigest_filename() {
+ return get_option('hh_htdigest_path');
+}
+
+function get_http_headers() {
+ $statuses = array();
+ $unset = array();
+ $headers = array();
+ $append = array();
+ if (get_option('hh_x_frame_options') == 1) {
+ $x_frame_options_value = strtoupper(get_option('hh_x_frame_options_value'));
+ if ($x_frame_options_value == 'ALLOW-FROM') {
+ $x_frame_options_value .= ' ' . get_option('hh_x_frame_options_domain');
+ }
+ $headers['X-Frame-Options'] = $x_frame_options_value;
+ }
+ if (get_option('hh_x_powered_by') == 1) {
+ if (get_option('hh_x_powered_by_option') == 'set') {
+ $headers['X-Powered-By'] = get_option('hh_x_powered_by_value');
+ } else {
+ $unset[] = 'X-Powered-By';
+ }
+ }
+ if (get_option('hh_x_xxs_protection') == 1) {
+ $headers['X-XSS-Protection'] = get_option('hh_x_xxs_protection_value');
+ if ($headers['X-XSS-Protection'] == '1; report=') {
+ $headers['X-XSS-Protection'] .= get_option('hh_x_xxs_protection_uri');
+ }
+ }
+ if (get_option('hh_x_content_type_options') == 1) {
+ $headers['X-Content-Type-Options'] = get_option('hh_x_content_type_options_value');
+ }
+ if (get_option('hh_x_download_options') == 1) {
+ $headers['X-Download-Options'] = get_option('hh_x_download_options_value');
+ }
+ if (get_option('hh_x_permitted_cross_domain_policies') == 1) {
+ $headers['X-Permitted-Cross-Domain-Policies'] = get_option('hh_x_permitted_cross_domain_policies_value');
+ }
+ if (get_option('hh_x_dns_prefetch_control') == 1) {
+ $headers['X-DNS-Prefetch-Control'] = get_option('hh_x_dns_prefetch_control_value');
+ }
+ if (get_option('hh_connection') == 1) {
+ $headers['Connection'] = get_option('hh_connection_value');
+ }
+ if (get_option('hh_pragma') == 1) {
+ $headers['Pragma'] = get_option('hh_pragma_value');
+ }
+ if (get_option('hh_age') == 1) {
+ $headers['Age'] = sprintf("%u", get_option('hh_age_value'));
+ }
+ if (get_option('hh_cache_control') == 1) {
+ $hh_cache_control_value = get_option('hh_cache_control_value', array());
+ $tmp = array();
+ foreach ($hh_cache_control_value as $k => $v) {
+ if (in_array($k, array('max-age', 's-maxage', 'stale-while-revalidate', 'stale-if-error'))) {
+ if (strlen($v) > 0) {
+ $tmp[] = sprintf("%s=%u", $k, $v);
+ }
+ } else {
+ $tmp[] = $k;
+ }
+ }
+ $hh_cache_control_value = join(', ', $tmp);
+ $headers['Cache-Control'] = $hh_cache_control_value;
+ }
+ if (get_option('hh_strict_transport_security') == 1) {
+ $hh_strict_transport_security = array();
+
+ $hh_strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
+ if ($hh_strict_transport_security_max_age !== false)
+ {
+ $hh_strict_transport_security[] = sprintf('max-age=%u', get_option('hh_strict_transport_security_max_age'));
+ if (get_option('hh_strict_transport_security_sub_domains'))
+ {
+ $hh_strict_transport_security[] = 'includeSubDomains';
+ }
+ if (get_option('hh_strict_transport_security_preload'))
+ {
+ $hh_strict_transport_security[] = 'preload';
+ }
+ } else {
+ $hh_strict_transport_security = array(get_option('hh_strict_transport_security_value'));
+ }
+ $headers['Strict-Transport-Security'] = join('; ', $hh_strict_transport_security);
+ }
+ if (get_option('hh_x_ua_compatible') == 1) {
+ $headers['X-UA-Compatible'] = get_option('hh_x_ua_compatible_value');
+ }
+
+ if (get_option('hh_content_security_policy') == 1)
+ {
+ $value = get_option('hh_content_security_policy_value');
+ $csp = build_csp_value($value);
+ if ($csp)
+ {
+ $csp_report_only = get_option('hh_content_security_policy_report_only');
+ $headers['Content-Security-Policy'.($csp_report_only ? '-Report-Only' : NULL)] = $csp;
+ }
+ }
+
+ if (get_option('hh_access_control_allow_origin') == 1)
+ {
+ $value = get_option('hh_access_control_allow_origin_value');
+ switch ($value)
+ {
+ case 'origin':
+ $value = get_option('hh_access_control_allow_origin_url', array());
+ if (is_scalar($value))
+ {
+ $value = array($value);
+ }
+ break;
+ }
+ if (!empty($value))
+ {
+ $headers['Access-Control-Allow-Origin'] = $value;
+ }
+ }
+ if (get_option('hh_access_control_allow_credentials') == 1)
+ {
+ $headers['Access-Control-Allow-Credentials'] = get_option('hh_access_control_allow_credentials_value');
+ }
+ if (get_option('hh_access_control_max_age') == 1)
+ {
+ $value = get_option('hh_access_control_max_age_value');
+ if (!empty($value))
+ {
+ $headers['Access-Control-Max-Age'] = intval($value);
+ }
+ }
+ if (get_option('hh_access_control_allow_methods') == 1)
+ {
+ $value = get_option('hh_access_control_allow_methods_value');
+ if (!empty($value))
+ {
+ $headers['Access-Control-Allow-Methods'] = join(', ', array_keys($value));
+ }
+ }
+ if (get_option('hh_access_control_allow_headers') == 1)
+ {
+ $tmp = array();
+ $value = get_option('hh_access_control_allow_headers_value');
+ if (!empty($value))
+ {
+ $tmp = array_merge($tmp, array_keys($value));
+ }
+ $custom = get_option('hh_access_control_allow_headers_custom');
+ if (!empty($custom))
+ {
+ $tmp = array_merge($tmp, $custom);
+ }
+ if ($tmp)
+ {
+ $tmp = array_filter($tmp, 'trim');
+ $tmp = array_unique($tmp);
+ $headers['Access-Control-Allow-Headers'] = join(', ', $tmp);
+ }
+ }
+ if (get_option('hh_access_control_expose_headers') == 1)
+ {
+ $tmp = array();
+ $value = get_option('hh_access_control_expose_headers_value');
+ if (!empty($value))
+ {
+ $tmp = array_merge($tmp, array_keys($value));
+ }
+ $custom = get_option('hh_access_control_expose_headers_custom');
+ if (!empty($custom))
+ {
+ $tmp = array_merge($tmp, $custom);
+ }
+ if ($tmp)
+ {
+ $tmp = array_filter($tmp, 'trim');
+ $tmp = array_unique($tmp);
+ $headers['Access-Control-Expose-Headers'] = join(', ', $tmp);
+ }
+ }
+ if (get_option('hh_p3p') == 1)
+ {
+ $value = get_option('hh_p3p_value');
+ if (!empty($value))
+ {
+ $headers['P3P'] = 'CP="' . join(' ', array_keys($value)) . '"';
+ }
+ }
+ if (get_option('hh_referrer_policy') == 1) {
+ $headers['Referrer-Policy'] = get_option('hh_referrer_policy_value');
+ }
+ if (get_option('hh_cross_origin_resource_policy') == 1) {
+ $headers['Cross-Origin-Resource-Policy'] = get_option('hh_cross_origin_resource_policy_value');
+ }
+ if (get_option('hh_cross_origin_embedder_policy') == 1) {
+ $headers['Cross-Origin-Embedder-Policy'] = get_option('hh_cross_origin_embedder_policy_value');
+ }
+ if (get_option('hh_cross_origin_opener_policy') == 1) {
+ $headers['Cross-Origin-Opener-Policy'] = get_option('hh_cross_origin_opener_policy_value');
+ }
+ if (get_option('hh_www_authenticate') == 1) {
+
+ switch (get_option('hh_www_authenticate_type')) {
+ case 'Basic':
+ if (!(isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
+ && $_SERVER['PHP_AUTH_USER'] == get_option('hh_www_authenticate_user')
+ && $_SERVER['PHP_AUTH_PW'] == get_option('hh_www_authenticate_pswd'))) {
+ $headers['WWW-Authenticate'] = sprintf("Basic realm='%s'", get_option('hh_www_authenticate_realm'));
+ $statuses['HTTP/1.1'] = '401 Unauthorized';
+ }
+ break;
+ case 'Digest':
+ if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+ $realm = get_option('hh_www_authenticate_realm');
+ $headers['WWW-Authenticate'] = sprintf("Digest realm='%s',qop='auth',nonce='%s',opaque='%s'",
+ $realm, uniqid(), md5($realm));
+ $statuses['HTTP/1.1'] = '401 Unauthorized';
+ }
+ break;
+ }
+ }
+ if (get_option('hh_vary') == 1)
+ {
+ $value = get_option('hh_vary_value');
+ if (!empty($value))
+ {
+ $append['Vary'] = join(', ', array_keys($value));
+ }
+ }
+
+ if (get_option('hh_expect_ct') == 1) {
+ $expect_ct_max_age = get_option('hh_expect_ct_max_age');
+ $expect_ct_report_uri = get_option('hh_expect_ct_report_uri');
+ if (!empty($expect_ct_report_uri) && !empty($expect_ct_max_age)) {
+
+ $expect_ct = array();
+ $expect_ct[] = sprintf("max-age=%u", $expect_ct_max_age);
+ if (get_option('hh_expect_ct_enforce') == 1) {
+ $expect_ct[] = "enforce";
+ }
+ $expect_ct[] = sprintf('report-uri="%s"', $expect_ct_report_uri);
+ $headers['Expect-CT'] = join(', ', $expect_ct);
+ }
+ }
+ if (get_option('hh_custom_headers') == 1) {
+ $custom_headers = get_option('hh_custom_headers_value');
+ if (isset($custom_headers['name'], $custom_headers['value']) && !empty($custom_headers['name'])) {
+ foreach ($custom_headers['name'] as $key => $name) {
+ $name = trim($name);
+ $value = trim($custom_headers['value'][$key]);
+ if (empty($name) || empty($value)) {
+ continue;
+ }
+ $headers[$name] = $value;
+ }
+ }
+ }
+
+ $value = get_http_header('report_to');
+ if ($value) {
+ $headers['Report-To'] = $value;
+ }
+
+ $value = get_http_header('nel');
+ if ($value) {
+ $headers['NEL'] = $value;
+ }
+
+ $value = get_http_header('feature_policy');
+ if ($value) {
+ $headers['Feature-Policy'] = $value;
+ }
+
+ $value = get_http_header('permissions_policy');
+ if ($value) {
+ $headers['Permissions-Policy'] = $value;
+ }
+
+ $value = get_http_header('x_robots_tag');
+ if ($value) {
+ $headers['X-Robots-Tag'] = $value;
+ }
+
+ return array($headers, $statuses, $unset, $append);
+}
+
+function get_http_header($header_name) {
+ $fn = sprintf('get_%s_header', $header_name);
+ if (!function_exists($fn)) {
+ return NULL;
+ }
+
+ return call_user_func($fn);
+}
+
+function get_report_to_header() {
+ if (get_option('hh_report_to') != 1) {
+ return NULL;
+ }
+ $report_to = get_option('hh_report_to_value');
+ $tmp = array();
+ foreach ($report_to as $item) {
+ $endpoints = array();
+ foreach ($item['endpoints'] as $endpoint) {
+ $endpoints[] = sprintf('{"url": "%s"%s%s}',
+ $endpoint['url'],
+ is_numeric($endpoint['priority']) ? sprintf(', "priority": %u', $endpoint['priority']) : NULL,
+ is_numeric($endpoint['weight']) ? sprintf(', "weight": %u', $endpoint['weight']) : NULL
+ );
+ }
+
+ $tmp[] = sprintf('{"max_age": %u%s%s, "endpoints": [%s]}',
+ $item['max_age'],
+ $item['group'] ? sprintf(', "group": "%s"', $item['group']) : NULL,
+ $item['include_subdomains'] ? sprintf(', "include_subdomains": true') : NULL,
+ join(", ", $endpoints)
+ );
+ }
+
+ return join(', ', $tmp);
+}
+
+function get_x_robots_tag_header() {
+ if (get_option('hh_x_robots_tag') != 1) {
+ return NULL;
+ }
+
+ $hh_x_robots_tag_value = get_option('hh_x_robots_tag_value', array());
+ $tmp = array();
+ foreach ($hh_x_robots_tag_value as $k => $v) {
+ if ($k == 'max-snippet') {
+ if (is_numeric($v) && $v >= -1) {
+ $tmp[] = "$k:$v";
+ }
+ } elseif ($k == 'max-image-preview') {
+ if (!empty($v)) {
+ $tmp[] = "$k:$v";
+ }
+ } elseif ($k == 'max-video-preview') {
+ if (is_numeric($v) && $v >= -1) {
+ $tmp[] = "$k:$v";
+ }
+ } elseif ($k == 'unavailable_after') {
+ if (!empty($v)) {
+ $tmp[] = "$k:$v";
+ }
+ } else {
+ $tmp[] = $k;
+ }
+ }
+ return join(', ', $tmp);
+}
+
+function get_nel_header() {
+ if (get_option('hh_nel') != 1) {
+ return NULL;
+ }
+
+ $nel = get_option('hh_nel_value', array());
+ return sprintf('{"report_to": "%s", "max_age": %u%s%s%s%s%s}',
+ isset($nel['report_to']) ? $nel['report_to'] : NULL,
+ isset($nel['max_age']) ? $nel['max_age'] : NULL,
+ isset($nel['include_subdomains']) ? ', "include_subdomains": true' : NULL,
+ array_key_exists('success_fraction', $nel) && is_numeric($nel['success_fraction']) ? ', "success_fraction": '. $nel['success_fraction'] : NULL,
+ array_key_exists('failure_fraction', $nel) && is_numeric($nel['failure_fraction']) ? ', "failure_fraction": '. $nel['failure_fraction'] : NULL,
+ isset($nel['request_headers']) && !empty($nel['request_headers']) ? sprintf(', "request_headers": ["%s"]', join('", "', array_map('trim', explode(',', $nel['request_headers'])))) : NULL,
+ isset($nel['response_headers']) && !empty($nel['response_headers']) ? sprintf(', "response_headers": ["%s"]', join('", "', array_map('trim', explode(',', $nel['response_headers'])))) : NULL
+ );
+}
+
+function get_feature_policy_header() {
+ if (get_option('hh_feature_policy') != 1) {
+ return NULL;
+ }
+ $feature_policy_feature = get_option('hh_feature_policy_feature');
+ $feature_policy_value = get_option('hh_feature_policy_value');
+ $feature_policy_origin = get_option('hh_feature_policy_origin');
+ $tmp = array();
+ $feature_policy_feature = is_array($feature_policy_feature) ? $feature_policy_feature : array();
+ foreach (array_keys($feature_policy_feature) as $feature) {
+ $value = NULL;
+ switch ($feature_policy_value[$feature]) {
+ case '*':
+ case "'none'":
+ $value = $feature_policy_value[$feature];
+ break;
+ case "'self'":
+ $value = $feature_policy_value[$feature];
+ if (!empty($feature_policy_origin[$feature])) {
+ $value .= " " . $feature_policy_origin[$feature];
+ }
+ break;
+ case 'origin(s)':
+ $value = $feature_policy_origin[$feature];
+ break;
+ }
+
+ $tmp[] = sprintf("%s %s", $feature, $value);
+ }
+
+ return join('; ', $tmp);
+}
+
+function get_permissions_policy_header() {
+ if (get_option('hh_permissions_policy') != 1) {
+ return NULL;
+ }
+ $permissions_policy_feature = get_option('hh_permissions_policy_feature');
+ $permissions_policy_value = get_option('hh_permissions_policy_value');
+ $permissions_policy_origin = get_option('hh_permissions_policy_origin');
+
+ $tmp = array();
+ $permissions_policy_feature = is_array($permissions_policy_feature) ? $permissions_policy_feature : array();
+ foreach (array_keys($permissions_policy_feature) as $feature) {
+
+ $origins = NULL;
+ if (!empty($permissions_policy_origin[$feature]))
+ {
+ $origins = $permissions_policy_origin[$feature];
+ $origins = str_replace(array('"', "'"), '', $origins);
+ $origins = explode(' ', $origins);
+ $origins = array_filter($origins);
+ $origins = array_unique($origins);
+ $origins = '"' . join('" "', $origins) . '"';
+ }
+
+ $value = NULL;
+ switch ($permissions_policy_value[$feature]) {
+ case '*':
+ $value = '*';
+ break;
+ case "none":
+ $value = '()';
+ break;
+ case "self":
+ $value = 'self';
+ if ($origins)
+ {
+ $value .= ' ' . $origins;
+ }
+ $value = sprintf('(%s)', $value);
+ break;
+ case 'origin(s)':
+ $value = sprintf('(%s)', $origins);
+ break;
+ }
+
+ $tmp[] = sprintf('%s=%s', $feature, $value);
+ }
+
+ return join(', ', $tmp);
+}
+
+function http_digest_parse($txt) {
+ $txt = stripslashes($txt);
+
+ $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
+ $data = array();
+ $keys = implode('|', array_keys($needed_parts));
+
+ $matches = null;
+ preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
+
+ foreach ($matches as $m) {
+ $data[$m[1]] = $m[3] ? $m[3] : $m[4];
+ unset($needed_parts[$m[1]]);
+ }
+
+ return $needed_parts ? false : $data;
+}
+
+function php_auth_digest() {
+ if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || get_option('hh_www_authenticate_user') != $data['username']) {
+ die('Wrong Credentials!');
+ }
+
+ $A1 = md5($data['username'] . ':' . get_option('hh_www_authenticate_realm') . ':' . get_option('hh_www_authenticate_pswd'));
+ $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
+ $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
+ if ($data['response'] != $valid_response) {
+ die('Wrong Credentials!');
+ }
+}
+
+function php_content_encoding() {
+ if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
+ ob_start('ob_gzhandler');
+ } else {
+ ob_start();
+ }
+}
+
+function php_cookie_security_directives() {
+ $lines = array();
+ if (get_option('hh_cookie_security') == 1) {
+ $value = get_option('hh_cookie_security_value', array());
+ if (isset($value['HttpOnly'])) {
+ $lines[] = 'session.cookie_httponly = on';
+ }
+ if (isset($value['Secure'])) {
+ $lines[] = 'session.cookie_secure = on';
+ }
+ if (isset($value['SameSite']) && in_array($value['SameSite'], array('None', 'Lax', 'Strict'))) {
+ $lines[] = sprintf('session.cookie_samesite = "%s"', $value['SameSite']);
+ }
+ }
+
+ return $lines;
+}
+
+function http_headers() {
+ if (!is_php_mode()) {
+ return;
+ }
+ // PHP method below
+ list($headers, $statuses, $unset, $append) = get_http_headers();
+ $isCors = false;
+ foreach ($headers as $key => $value) {
+ if ($key == 'Access-Control-Allow-Origin') {
+ if (isset($_SERVER['HTTP_ORIGIN'])) {
+ if (in_array($value, array('*', 'null'))) {
+ $isCors = true;
+ header(sprintf("%s: *", $key));
+ }
+
+ if (is_array($value) && in_array($_SERVER['HTTP_ORIGIN'], $value)) {
+ $isCors = true;
+ header(sprintf("%s: %s", $key, $_SERVER['HTTP_ORIGIN']));
+ header("Vary: Origin", false);
+ }
+ }
+ continue;
+ }
+ if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
+ if ($isCors) {
+ header(sprintf("%s: %s", $key, $value));
+ }
+ continue;
+ }
+ header(sprintf("%s: %s", $key, $value));
+ }
+ foreach ($append as $key => $value) {
+ header(sprintf("%s: %s", $key, $value), false);
+ }
+ foreach ($unset as $header) {
+ if (function_exists('header_remove')) {
+ header_remove($header);
+ } else {
+ header("$header:");
+ }
+ }
+ foreach ($statuses as $key => $value) {
+ header(sprintf("%s %s", $key, $value));
+ exit;
+ }
+
+ if (get_option('hh_www_authenticate') == 1) {
+ php_auth_digest();
+ }
+
+ if (get_option('hh_content_encoding') == 1) {
+ php_content_encoding();
+ }
+}
+
+function http_headers_admin_add_page() {
+ add_options_page('HTTP Headers', 'HTTP Headers', 'manage_options', 'http-headers', 'http_headers_admin_page');
+}
+
+function http_headers_admin() {
+ register_setting('http-headers-mtd', 'hh_method');
+ register_setting('http-headers-mtd', 'hh_htaccess_path');
+ register_setting('http-headers-mtd', 'hh_user_ini_path');
+ register_setting('http-headers-mtd', 'hh_htpasswd_path');
+ register_setting('http-headers-mtd', 'hh_htdigest_path');
+ register_setting('http-headers-xfo', 'hh_x_frame_options');
+ register_setting('http-headers-xfo', 'hh_x_frame_options_value');
+ register_setting('http-headers-xfo', 'hh_x_frame_options_domain');
+ register_setting('http-headers-xss', 'hh_x_xxs_protection');
+ register_setting('http-headers-xss', 'hh_x_xxs_protection_value');
+ register_setting('http-headers-xss', 'hh_x_xxs_protection_uri');
+ register_setting('http-headers-cto', 'hh_x_content_type_options');
+ register_setting('http-headers-cto', 'hh_x_content_type_options_value');
+ register_setting('http-headers-sts', 'hh_strict_transport_security');
+ register_setting('http-headers-sts', 'hh_strict_transport_security_value'); //obsolete
+ register_setting('http-headers-sts', 'hh_strict_transport_security_max_age');
+ register_setting('http-headers-sts', 'hh_strict_transport_security_sub_domains');
+ register_setting('http-headers-sts', 'hh_strict_transport_security_preload');
+ register_setting('http-headers-uac', 'hh_x_ua_compatible');
+ register_setting('http-headers-uac', 'hh_x_ua_compatible_value');
+ register_setting('http-headers-p3p', 'hh_p3p');
+ register_setting('http-headers-p3p', 'hh_p3p_value');
+ register_setting('http-headers-rp', 'hh_referrer_policy');
+ register_setting('http-headers-rp', 'hh_referrer_policy_value');
+ register_setting('http-headers-csp', 'hh_content_security_policy');
+ register_setting('http-headers-csp', 'hh_content_security_policy_value');
+ register_setting('http-headers-csp', 'hh_content_security_policy_report_only');
+ register_setting('http-headers-acao', 'hh_access_control_allow_origin');
+ register_setting('http-headers-acao', 'hh_access_control_allow_origin_value');
+ register_setting('http-headers-acao', 'hh_access_control_allow_origin_url');
+ register_setting('http-headers-acac', 'hh_access_control_allow_credentials');
+ register_setting('http-headers-acac', 'hh_access_control_allow_credentials_value');
+ register_setting('http-headers-acam', 'hh_access_control_allow_methods');
+ register_setting('http-headers-acam', 'hh_access_control_allow_methods_value');
+ register_setting('http-headers-acah', 'hh_access_control_allow_headers');
+ register_setting('http-headers-acah', 'hh_access_control_allow_headers_value');
+ register_setting('http-headers-acah', 'hh_access_control_allow_headers_custom');
+ register_setting('http-headers-aceh', 'hh_access_control_expose_headers');
+ register_setting('http-headers-aceh', 'hh_access_control_expose_headers_value');
+ register_setting('http-headers-aceh', 'hh_access_control_expose_headers_custom');
+ register_setting('http-headers-acma', 'hh_access_control_max_age');
+ register_setting('http-headers-acma', 'hh_access_control_max_age_value');
+ register_setting('http-headers-ce', 'hh_content_encoding');
+ register_setting('http-headers-ce', 'hh_content_encoding_module');
+ register_setting('http-headers-ce', 'hh_content_encoding_value');
+ register_setting('http-headers-ce', 'hh_content_encoding_ext');
+ register_setting('http-headers-vary', 'hh_vary');
+ register_setting('http-headers-vary', 'hh_vary_value');
+ register_setting('http-headers-xpb', 'hh_x_powered_by');
+ register_setting('http-headers-xpb', 'hh_x_powered_by_option');
+ register_setting('http-headers-xpb', 'hh_x_powered_by_value');
+ register_setting('http-headers-wwa', 'hh_www_authenticate');
+ register_setting('http-headers-wwa', 'hh_www_authenticate_type');
+ register_setting('http-headers-wwa', 'hh_www_authenticate_realm');
+ register_setting('http-headers-wwa', 'hh_www_authenticate_user');
+ register_setting('http-headers-wwa', 'hh_www_authenticate_pswd');
+ register_setting('http-headers-cc', 'hh_cache_control');
+ register_setting('http-headers-cc', 'hh_cache_control_value');
+ register_setting('http-headers-age', 'hh_age');
+ register_setting('http-headers-age', 'hh_age_value');
+ register_setting('http-headers-pra', 'hh_pragma');
+ register_setting('http-headers-pra', 'hh_pragma_value');
+ register_setting('http-headers-exp', 'hh_expires');
+ register_setting('http-headers-exp', 'hh_expires_value');
+ register_setting('http-headers-exp', 'hh_expires_type');
+ register_setting('http-headers-con', 'hh_connection');
+ register_setting('http-headers-con', 'hh_connection_value');
+ register_setting('http-headers-cose', 'hh_cookie_security');
+ register_setting('http-headers-cose', 'hh_cookie_security_value');
+ register_setting('http-headers-ect', 'hh_expect_ct');
+ register_setting('http-headers-ect', 'hh_expect_ct_max_age');
+ register_setting('http-headers-ect', 'hh_expect_ct_report_uri');
+ register_setting('http-headers-ect', 'hh_expect_ct_enforce');
+ register_setting('http-headers-tao', 'hh_timing_allow_origin');
+ register_setting('http-headers-tao', 'hh_timing_allow_origin_value');
+ register_setting('http-headers-tao', 'hh_timing_allow_origin_url');
+ register_setting('http-headers-che', 'hh_custom_headers');
+ register_setting('http-headers-che', 'hh_custom_headers_value');
+ register_setting('http-headers-xdo', 'hh_x_download_options');
+ register_setting('http-headers-xdo', 'hh_x_download_options_value');
+ register_setting('http-headers-xpcd', 'hh_x_permitted_cross_domain_policies');
+ register_setting('http-headers-xpcd', 'hh_x_permitted_cross_domain_policies_value');
+ register_setting('http-headers-xdpc', 'hh_x_dns_prefetch_control');
+ register_setting('http-headers-xdpc', 'hh_x_dns_prefetch_control_value');
+ register_setting('http-headers-rt', 'hh_report_to');
+ register_setting('http-headers-rt', 'hh_report_to_value');
+ register_setting('http-headers-fp', 'hh_feature_policy');
+ register_setting('http-headers-fp', 'hh_feature_policy_value');
+ register_setting('http-headers-fp', 'hh_feature_policy_feature');
+ register_setting('http-headers-fp', 'hh_feature_policy_origin');
+ register_setting('http-headers-pp', 'hh_permissions_policy');
+ register_setting('http-headers-pp', 'hh_permissions_policy_value');
+ register_setting('http-headers-pp', 'hh_permissions_policy_feature');
+ register_setting('http-headers-pp', 'hh_permissions_policy_origin');
+ register_setting('http-headers-csd', 'hh_clear_site_data');
+ register_setting('http-headers-csd', 'hh_clear_site_data_value');
+ register_setting('http-headers-cty', 'hh_content_type');
+ register_setting('http-headers-cty', 'hh_content_type_value');
+ register_setting('http-headers-corp', 'hh_cross_origin_resource_policy');
+ register_setting('http-headers-corp', 'hh_cross_origin_resource_policy_value');
+ register_setting('http-headers-nel', 'hh_nel');
+ register_setting('http-headers-nel', 'hh_nel_value');
+ register_setting('http-headers-coep', 'hh_cross_origin_embedder_policy');
+ register_setting('http-headers-coep', 'hh_cross_origin_embedder_policy_value');
+ register_setting('http-headers-coop', 'hh_cross_origin_opener_policy');
+ register_setting('http-headers-coop', 'hh_cross_origin_opener_policy_value');
+ register_setting('http-headers-rob', 'hh_x_robots_tag');
+ register_setting('http-headers-rob', 'hh_x_robots_tag_value');
+}
+
+function http_headers_option($option) {
+
+ include_once ABSPATH . 'wp-admin/includes/admin.php';
+
+ require_once ABSPATH . WPINC . '/pluggable.php';
+
+ if (isset($_POST['hh_method']))
+ {
+ check_admin_referer('http-headers-mtd-options');
+ if (!is_super_admin()) {
+ wp_redirect(sprintf("%soptions-general.php?page=http-headers&tab=advanced&status=ERR&code=102", get_admin_url()));
+ exit;
+ }
+ # When method is changed
+ http_headers_activate();
+
+ } elseif (is_apache_mode()) {
+ # When particular header is changed
+ switch (true) {
+ case array_key_exists('hh_www_authenticate', $_POST):
+ check_admin_referer('http-headers-wwa-options');
+ update_auth_credentials();
+ update_auth_directives();
+ break;
+ case array_key_exists('hh_content_encoding', $_POST):
+ check_admin_referer('http-headers-ce-options');
+ update_content_encoding_directives();
+ break;
+ case array_key_exists('hh_content_type', $_POST):
+ check_admin_referer('http-headers-cty-options');
+ update_content_type_directives();
+ break;
+ case array_key_exists('hh_expires', $_POST):
+ check_admin_referer('http-headers-exp-options');
+ update_expires_directives();
+ break;
+ case array_key_exists('hh_cookie_security', $_POST):
+ check_admin_referer('http-headers-cose-options');
+ update_cookie_security_directives();
+ break;
+ case array_key_exists('hh_timing_allow_origin', $_POST):
+ check_admin_referer('http-headers-tao-options');
+ update_timing_directives();
+ break;
+ case array_key_exists('option_page', $_POST) && strpos($_POST['option_page'], 'http-headers-') === 0:
+ check_admin_referer($_POST['option_page'].'-options');
+ update_headers_directives();
+ break;
+ }
+ }
+}
+
+function nginx_headers_directives() {
+ $lines = array();
+ list($headers, , $unset, $append) = get_http_headers();
+
+ foreach ($unset as $header) {
+ $lines[] = sprintf(' more_clear_headers "%s";', $header);
+ }
+ $cors = $cors_header = $cors_inner = $cors_footer = array();
+ $all = array();
+ foreach ($headers as $key => $value) {
+ if (in_array($key, array('WWW-Authenticate'))) {
+ continue;
+ }
+ if (in_array($key, array('X-Content-Type-Options'))) {
+ $all[] = sprintf('add_header %s %s always;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
+ continue;
+ }
+ if ($key == 'Access-Control-Allow-Origin' && is_array($value)) {
+ $cors_header[] = sprintf('if ($http_origin ~* ^(%s)$) {', str_replace('.', '\.', join('|', $value)));
+ $cors_footer[] = '}';
+ $cors_inner[] = ' add_header Access-Control-Allow-Origin "$http_origin";';
+ if (!in_array('*', $value))
+ {
+ $cors_inner[] = ' add_header Vary "Origin";';
+ }
+ continue;
+ }
+ if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
+ $cors_inner[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
+ continue;
+ }
+ $lines[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
+ }
+ foreach ($append as $key => $value) {
+ $lines[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
+ }
+ if (!empty($cors_inner))
+ {
+ $cors = array_merge(
+ $cors_header,
+ $cors_inner,
+ $cors_footer
+ );
+ }
+ if (!empty($lines)) {
+ $lines = array_merge(
+ $all,
+ $cors,
+ array('location ~* \.(php|html)$ {'),
+ $lines,
+ array('}')
+ );
+ }
+ return $lines;
+}
+
+function nginx_content_encoding_directives() {
+ $lines = array();
+ if (get_option('hh_content_encoding') == 1) {
+
+ $lines[] = 'gzip on;';
+
+ $content_encoding_value = get_option('hh_content_encoding_value');
+ if (!$content_encoding_value) {
+ $content_encoding_value = array();
+ }
+
+ $content_encoding_ext = get_option('hh_content_encoding_ext');
+ if (!$content_encoding_ext) {
+ $content_encoding_ext = array();
+ }
+ if (!empty($content_encoding_ext)) {
+ //$lines[] = sprintf('', join('|', array_keys($content_encoding_ext)));
+ }
+ if (!empty($content_encoding_value)) {
+ $lines[] = sprintf('gzip_types %s;', join(' ', array_keys($content_encoding_value)));
+ }
+ }
+ return $lines;
+}
+
+function nginx_content_type_directives() {
+ $lines = array();
+ if (get_option('hh_content_type') == 1) {
+ $values = get_option('hh_content_type_value', array());
+ foreach ($values as $ext => $media_type) {
+ $lines[] = sprintf("%s %s;", $media_type, $ext);
+ }
+ }
+
+ return $lines;
+}
+
+function nginx_expires_directives() {
+ $lines = array();
+ if (get_option('hh_expires') == 1) {
+
+ $types = get_option('hh_expires_type', array());
+ $values = get_option('hh_expires_value', array());
+
+ $lines[] = 'map $sent_http_content_type $expires {';
+ foreach (array_keys($types) as $type) {
+ list($base, $period, $suffix) = explode('_', $values[$type]);
+ if (in_array($base, array('access', 'modification'))) {
+ $lines[] = $type != 'default'
+ ? sprintf(' %s %u%s;', $type, $period, $suffix[0])
+ : sprintf(' default %u%s;', $period, $suffix[0]);
+ } elseif ($base == 'invalid') {
+ $lines[] = $type != 'default'
+ ? sprintf(' %s 0;', $type)
+ : sprintf(' default 0;');
+ }
+ }
+ $lines[] = '}';
+
+ $lines[] = 'expires $expires;';
+ }
+ return $lines;
+}
+
+function nginx_timing_directives() {
+ $lines = array();
+ if (get_option('hh_timing_allow_origin') == 1) {
+ $value = get_option('hh_timing_allow_origin_value');
+ switch ($value)
+ {
+ case 'origin':
+ $value = get_option('hh_timing_allow_origin_url');
+ break;
+ }
+ if (!empty($value))
+ {
+ $lines[] = 'location ~* \.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$ {';
+ $lines[] = sprintf(' add_header Timing-Allow-Origin "%s";', $value);
+ $lines[] = '}';
+ }
+ }
+ return $lines;
+}
+
+function nginx_auth_directives() {
+ $lines = array();
+ if (get_option('hh_www_authenticate') == 1) {
+
+ $type = get_option('hh_www_authenticate_type');
+
+ $file = $type == 'Basic' ? get_htpasswd_filename() : get_htdigest_filename();
+
+ $lines[] = sprintf('location ~ ^%s$ {', str_replace('.', '\.', basename($file)));
+ $lines[] = ' deny all;';
+ $lines[] = '}';
+
+ $lines[] = sprintf('location %s {', get_home_path());
+ if ($type == 'Basic') {
+ $lines[] = sprintf(' auth_basic "%s";', get_option('hh_www_authenticate_realm'));
+ $lines[] = sprintf(' auth_basic_user_file %s;', $file);
+ } else {
+ $lines[] = sprintf(' auth_digest "%s";', get_option('hh_www_authenticate_realm'));
+ $lines[] = sprintf(' auth_digest_user_file %s;', $file);
+ }
+ $lines[] = '}';
+ }
+ return $lines;
+}
+
+function nginx_auth_credentials() {
+ return apache_auth_credentials();
+}
+
+function nginx_cookie_security_directives() {
+ $lines = array();
+
+ //TODO
+
+ return $lines;
+}
+
+function nginx_check_requirements() {
+ //TODO scheduled for v2.0.0
+ return true;
+}
+
+function iis_headers_directives() {
+ //TODO scheduled for v2.0.0
+}
+
+function iis_content_encoding_directives() {
+ //TODO scheduled for v2.0.0
+}
+
+function iis_content_type_directives() {
+ //TODO scheduled for v2.0.0
+}
+
+function iis_expires_directives() {
+ //TODO scheduled for v2.0.0
+}
+
+function iis_timing_directives() {
+ //TODO scheduled for v2.0.0
+}
+
+function iis_auth_directives() {
+ //TODO scheduled for v2.0.0
+}
+
+function iis_auth_credentials() {
+ //TODO scheduled for v2.0.0
+}
+
+function iis_cookie_security_directives() {
+ //TODO scheduled for v2.0.0
+}
+
+function iis_check_requirements() {
+ //TODO scheduled for v2.0.0
+ return true;
+}
+
+function apache_headers_directives() {
+ $lines = array();
+ list($headers, , $unset, $append) = get_http_headers();
+
+ foreach ($unset as $header) {
+ $lines[] = sprintf(' Header always unset %s', $header);
+ $lines[] = sprintf(' Header unset %s', $header);
+ }
+ $all = array();
+ foreach ($headers as $key => $value) {
+ if (in_array($key, array('WWW-Authenticate'))) {
+ continue;
+ }
+ if (in_array($key, array('X-Content-Type-Options'))) {
+ $all[] = sprintf(' Header always set %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
+ continue;
+ }
+ if ($key == 'Strict-Transport-Security') {
+ $lines[] = sprintf(' Header set %s %s env=HTTPS', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? 
'"' : "'", $value));
+ continue;
+ }
+ if ($key == 'Access-Control-Allow-Origin') {
+ $all[] = ' ';
+ if (!is_array($value)) {
+ if ($value) {
+ $value = array($value);
+ } else {
+ $value = array();
+ }
+ }
+ //$value[] = 'null';
+ if (is_array($value))
+ {
+ $all[] = sprintf(' SetEnvIf Origin "^(%s)$" CORS=$0', str_replace(array('.', '*'), array('\.', '.+'), join('|', $value)));
+ } else {
+ $all[] = ' SetEnvIf Origin "^(.+)$" CORS=$0';
+ }
+ $all[] = ' ';
+ $all[] = ' Header set Access-Control-Allow-Origin %{CORS}e env=CORS';
+ if (!in_array('*', $value))
+ {
+ $all[] = ' Header append Vary "Origin" env=CORS';
+ }
+ continue;
+ }
+ if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
+ $all[] = sprintf(' Header set %s %s env=CORS', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
+ continue;
+ }
+ $lines[] = sprintf(' Header set %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
+ }
+ foreach ($append as $key => $value) {
+ $lines[] = sprintf(' Header append %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? 
'"' : "'", $value));
+ }
+ if (!empty($lines) || !empty($all)) {
+ $lines = array_merge(
+ array(''),
+ $all,
+ array(' '),
+ $lines,
+ array(' ', '')
+ );
+ }
+ return $lines;
+}
+
+function apache_content_encoding_directives() {
+ $lines = array();
+ if (get_option('hh_content_encoding') == 1) {
+
+ $content_encoding_module = get_option('hh_content_encoding_module');
+
+ $module = 'mod_deflate.c';
+ $filter = 'DEFLATE';
+ $accept_encoding = 'gzip';
+
+ if ($content_encoding_module == 'brotli') {
+ $module = 'mod_brotli.c';
+ $filter = 'BROTLI_COMPRESS';
+ $accept_encoding = 'br';
+ }
+
+ $content_encoding_value = get_option('hh_content_encoding_value');
+ if (!$content_encoding_value) {
+ $content_encoding_value = array();
+ }
+
+ $content_encoding_ext = get_option('hh_content_encoding_ext');
+ if (!$content_encoding_ext) {
+ $content_encoding_ext = array();
+ }
+
+ $type = join('|', array_keys($content_encoding_value));
+ $ext = join('|', array_keys($content_encoding_ext));
+
+ if (!empty($type) && !empty($ext)) {
+ $expression = sprintf('(%%{CONTENT_TYPE} =~ m#^(%1$s)# || %%{REQUEST_FILENAME} =~ /.(%2$s)$/)', $type, $ext);
+ } elseif (!empty($type)) {
+ $expression = sprintf('%%{CONTENT_TYPE} =~ m#^(%1$s)#', $type);
+ } elseif (!empty($ext)) {
+ $expression = sprintf('%%{REQUEST_FILENAME} =~ /.(%1$s)$/', $ext);
+ }
+
+ if (isset($expression)) {
+ $lines[] = '';
+ $lines[] = ' FilterDeclare HttpHeaders';
+ if (in_array($content_encoding_module, array('brotli', 'deflate'))) {
+ $lines[] = sprintf('', $module);
+ $lines[] = sprintf(' FilterProvider HttpHeaders %1$s "%%{HTTP:Accept-Encoding} =~ /%2$s/ && %3$s"', $filter, $accept_encoding, $expression);
+ $lines[] = ' ';
+ } else {
+ $lines[] = ' ';
+ $lines[] = ' ';
+ $lines[] = sprintf(' FilterProvider HttpHeaders DEFLATE "%%{HTTP:Accept-Encoding} =~ /gzip/ && %1$s"', $expression);
+ $lines[] = ' ';
+ $lines[] = ' ';
+ $lines[] = ' ';
+ $lines[] = sprintf(' FilterProvider HttpHeaders BROTLI_COMPRESS 
"%%{HTTP:Accept-Encoding} =~ /br/ && %1$s"', $expression);
+ $lines[] = ' ';
+ }
+ $lines[] = ' FilterChain HttpHeaders';
+ $lines[] = '';
+ }
+ }
+
+ return $lines;
+}
+
+function apache_expires_directives() {
+ $lines = array();
+ if (get_option('hh_expires') == 1) {
+
+ $types = get_option('hh_expires_type', array());
+ $values = get_option('hh_expires_value', array());
+ if (!is_array($types))
+ {
+ $types = array();
+ }
+ if (!is_array($values))
+ {
+ $values = array();
+ }
+
+ $lines[] = '';
+ $lines[] = ' ExpiresActive On';
+ foreach (array_keys($types) as $type) {
+ list($base, $period, $suffix) = explode('_', $values[$type]);
+ if (in_array($base, array('access', 'modification'))) {
+ $lines[] = $type != 'default'
+ ? sprintf(' ExpiresByType %s "%s plus %u %s"', $type, $base, $period, $suffix)
+ : sprintf(' ExpiresDefault "%s plus %u %s"', $base, $period, $suffix);
+ } elseif ($base == 'invalid') {
+ $lines[] = $type != 'default'
+ ? sprintf(' ExpiresByType %s A0', $type)
+ : sprintf(' ExpiresDefault A0');
+ }
+ }
+ $lines[] = '';
+ }
+
+ return $lines;
+}
+
+function apache_content_type_directives() {
+ $lines = array();
+ if (get_option('hh_content_type') == 1) {
+ $values = get_option('hh_content_type_value', array());
+ $lines[] = '';
+ foreach ($values as $ext => $media_type) {
+ $lines[] = sprintf(" AddType %s .%s", $media_type, $ext);
+ }
+ $lines[] = '';
+ }
+
+ return $lines;
+}
+
+function apache_timing_directives() {
+ $lines = array();
+ if (get_option('hh_timing_allow_origin') == 1) {
+ $value = get_option('hh_timing_allow_origin_value');
+ switch ($value)
+ {
+ case 'origin':
+ $value = get_option('hh_timing_allow_origin_url');
+ break;
+ }
+ if (!empty($value))
+ {
+ $lines[] = '';
+ $lines[] = ' ';
+ $lines[] = sprintf(' Header set Timing-Allow-Origin "%s"', $value);
+ $lines[] = ' ';
+ $lines[] = '';
+ }
+ }
+
+ return $lines;
+}
+
+function apache_auth_directives() {
+ $lines = array();
+ if (get_option('hh_www_authenticate') == 1) {
+
+ 
$type = get_option('hh_www_authenticate_type');
+
+ $file = $type == 'Basic' ? get_htpasswd_filename() : get_htdigest_filename();
+
+ $lines[] = sprintf('', str_replace('.', '\.', basename($file)));
+ $lines[] = ' ';
+ $lines[] = ' Require all denied';
+ $lines[] = ' ';
+ $lines[] = ' ';
+ $lines[] = ' Order deny,allow';
+ $lines[] = ' Deny from all';
+ $lines[] = ' ';
+ $lines[] = '';
+ // no empty AuthName
+ $realm = get_option('hh_www_authenticate_realm'); // AuthName
+ $realm = ($realm == '') ? 'restricted area':$realm; // Empty => give fixed value
+
+ $lines[] = sprintf('', strtolower($type));
+ $lines[] = sprintf(' AuthType %s', get_option('hh_www_authenticate_type'));
+ $lines[] = sprintf(' AuthName "%s"', $realm);
+ $lines[] = sprintf(' AuthUserFile "%s"', $file);
+ $lines[] = ' Require valid-user';
+ $lines[] = '';
+ }
+
+ return $lines;
+}
+
+function apache_auth_credentials() {
+ if (get_option('hh_www_authenticate') == 1) {
+ $type = get_option('hh_www_authenticate_type');
+ $usernames = get_option('hh_www_authenticate_user', array());
+ $passwords = get_option('hh_www_authenticate_pswd', array());
+ if (!is_array($usernames)) {
+ $usernames = array($usernames);
+ }
+ if (!is_array($passwords)) {
+ $passwords = array($passwords);
+ }
+ $realm = get_option('hh_www_authenticate_realm');
+ $auth = array();
+ switch ($type) {
+ case 'Basic':
+ $ht_file = get_htpasswd_filename();
+ foreach ($usernames as $k => $user) {
+ $auth[] = sprintf('%s:{SHA}%s', $user, base64_encode(sha1($passwords[$k], true)));
+ }
+ break;
+ case 'Digest':
+ $ht_file = get_htdigest_filename();
+ foreach ($usernames as $k => $user) {
+ $auth[] = sprintf('%s:%s:%s', $user, $realm, md5($user.':'.$realm.':'.$passwords[$k]));
+ }
+ break;
+ }
+ $auth = join("\n", $auth);
+
+ return compact('ht_file', 'auth');
+ }
+ return false;
+}
+
+function apache_cookie_security_directives() {
+ $lines = array();
+ if (get_option('hh_cookie_security') == 1) {
+ $value = 
get_option('hh_cookie_security_value', array());
+ $str = '';
+ if (isset($value['HttpOnly'])) {
+ $str .= ';HttpOnly';
+ }
+ if (isset($value['Secure'])) {
+ $str .= ';Secure';
+ }
+ if (isset($value['SameSite']) && in_array($value['SameSite'], array('None', 'Lax', 'Strict'))) {
+ $str .= ';SameSite=' . $value['SameSite'];
+ }
+ if ($str) {
+ $lines[] = '';
+ $lines[] = ' Header always edit Set-Cookie (.*) "$1'.$str.'"';
+ $lines[] = '';
+ }
+ }
+
+ return $lines;
+}
+
+function apache_check_requirements() {
+ return check_filename(get_htaccess_filename());
+}
+
+function update_headers_directives() {
+ $result = false;
+ if (is_apache_mode()) {
+ $lines = apache_headers_directives();
+ $result = insert_with_markers(get_htaccess_filename(), "HttpHeaders", $lines);
+ }
+
+ return $result;
+}
+
+function update_content_encoding_directives() {
+ $lines = array();
+ if (is_apache_mode()) {
+ $lines = apache_content_encoding_directives();
+ }
+
+ return insert_with_markers(get_htaccess_filename(), "HttpHeadersCompression", $lines);
+}
+
+function update_expires_directives() {
+ $lines = array();
+ if (is_apache_mode()) {
+ $lines = apache_expires_directives();
+ }
+
+ return insert_with_markers(get_htaccess_filename(), "HttpHeadersExpires", $lines);
+}
+
+function update_content_type_directives() {
+ $lines = array();
+ if (is_apache_mode()) {
+ $lines = apache_content_type_directives();
+ }
+
+ return insert_with_markers(get_htaccess_filename(), "HttpHeadersContentType", $lines);
+}
+
+function update_timing_directives() {
+ $lines = array();
+ if (is_apache_mode()) {
+ $lines = apache_timing_directives();
+ }
+
+ return insert_with_markers(get_htaccess_filename(), "HttpHeadersTiming", $lines);
+}
+
+function update_auth_directives() {
+ $lines = array();
+ if (is_apache_mode()) {
+ $lines = apache_auth_directives();
+ }
+
+ return insert_with_markers(get_htaccess_filename(), "HttpHeadersAuth", $lines);
+ }
+
+function update_auth_credentials() {
+ if 
(is_apache_mode()) {
+ $credentials = apache_auth_credentials();
+ if (isset($credentials['ht_file']) && !empty($credentials['ht_file']))
+ {
+ return @file_put_contents($credentials['ht_file'], $credentials['auth'], LOCK_EX);
+ }
+ }
+
+ return false;
+}
+
+function update_cookie_security_directives() {
+ $lines = array();
+ $is_apache = is_apache_mode();
+ $htaccess = get_htaccess_filename();
+ $is_cgi = strpos(PHP_SAPI, 'cgi') !== false;
+ if ($is_cgi) {
+ $filename = get_user_ini_filename();
+ $lines = php_cookie_security_directives();
+ } elseif ($is_apache) {
+ $filename = $htaccess;
+ $lines = apache_cookie_security_directives();
+ }
+
+ if (!$is_apache) {
+ insert_with_markers($htaccess, "HttpHeadersCookieSecurity", array());
+ }
+
+ if ($is_cgi) {
+ return update_user_ini_filename($filename, "HttpHeadersCookieSecurity", $lines);
+ }
+
+ return insert_with_markers($filename, "HttpHeadersCookieSecurity", $lines);
+}
+
+function update_user_ini_filename($filename, $marker, $insertion) {
+ if (!is_array($insertion)) {
+ $insertion = explode("\n", $insertion);
+ }
+
+ $start_marker = "; BEGIN " . $marker;
+ $end_marker = "; END " . 
$marker;
+
+ $data = "";
+ if (is_file($filename)) {
+ $data = @file_get_contents($filename);
+ }
+
+ $string = $start_marker;
+ if ($insertion)
+ {
+ $string .= "\n".join("\n", $insertion);
+ }
+ $string .= "\n".$end_marker;
+
+ $pattern = '/'.$start_marker.'.*'.$end_marker.'/isU';
+
+ if (preg_match($pattern, $data)) {
+ $data = preg_replace($pattern, $string, $data);
+ } else {
+ $data .= "\n".$string;
+ }
+
+ $bytes = @file_put_contents($filename, $data, LOCK_EX);
+
+ return !!$bytes;
+}
+
+function is_php_mode() {
+ return get_option('hh_method') == 'php';
+}
+
+function is_apache_mode() {
+ return get_option('hh_method') == 'htaccess';
+}
+
+function is_samesite_supported() {
+ return version_compare(PHP_VERSION, '7.3.0', '>=');
+}
+
+function http_headers_text_domain() {
+ load_plugin_textdomain('http-headers', false, basename( dirname( __FILE__ ) ) . '/languages/');
+}
+
+function http_headers_settings_link( $links ) {
+ $url = get_admin_url() . 'options-general.php?page=http-headers';
+ $settings_link = '' . __('Settings', 'http-headers') . '';
+ array_unshift( $links, $settings_link );
+ return $links;
+}
+
+function http_headers_after_setup_theme() {
+ add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'http_headers_settings_link');
+}
+
+function http_headers_enqueue($hook) {
+ if ( 'http-headers.php' != $hook ) {
+ # FIXME
+ //return;
+ }
+
+ wp_enqueue_script('http_headers_admin_scripts', plugin_dir_url( __FILE__ ) . 'assets/scripts.js', array(), '1.16.1', true);
+ wp_localize_script('http_headers_admin_scripts', 'hh', array(
+ 'lbl_delete' => __('Delete', 'http-headers'),
+ 'lbl_value' => __('Value', 'http-headers'),
+ 'lbl_remove_endpoint' => __('Remove endpoint', 'http-headers'),
+ 'lbl_remove_group' => __('Remove group', 'http-headers'),
+ ));
+ wp_enqueue_style('http_headers_admin_styles', plugin_dir_url( __FILE__ ) . 
'assets/styles.css', array(), '1.16.1');
+}
+
+function http_headers_ajax_inspect() {
+ check_ajax_referer('inspect');
+ if (current_user_can('manage_options')) {
+ include 'views/ajax-inspect.php';
+ }
+ wp_die();
+}
+
+function check_filename($filename) {
+ if (!is_file($filename)) {
+ return -1;
+ }
+
+ clearstatcache();
+ if (!is_writable($filename)) {
+ return -2;
+ }
+
+ return true;
+}
+
+function get_web_server_filename() {
+ if (is_apache_mode()) {
+ return get_htaccess_filename();
+ }
+
+ return NULL;
+}
+
+function check_web_server_requirements() {
+ if (is_apache_mode()) {
+ return apache_check_requirements();
+ }
+
+ return true;
+}
+
+function check_php_requirements() {
+ if (strpos(PHP_SAPI, 'cgi') !== false) {
+ // cgi, cgi-fcgi, fpm-fcgi
+ return check_filename(get_user_ini_filename());
+ }
+
+ return true;
+}
+
+function http_headers_logout() {
+ if (get_option('hh_clear_site_data') == 1) {
+ $values = get_option('hh_clear_site_data_value', array());
+ $tmp = array_keys($values);
+ if ($tmp) {
+ header(sprintf('Clear-Site-Data: "%s"', join('", "', $tmp)));
+ }
+ }
+}
+
+function http_headers_activate() {
+ update_headers_directives();
+ update_auth_credentials();
+ update_auth_directives();
+ update_content_encoding_directives();
+ update_content_type_directives();
+ update_expires_directives();
+ update_cookie_security_directives();
+ update_timing_directives();
+}
+
+function http_headers_deactivate() {
+ $filename = get_htaccess_filename();
+
+ insert_with_markers($filename, "HttpHeaders", array());
+ insert_with_markers($filename, "HttpHeadersCompression", array());
+ insert_with_markers($filename, "HttpHeadersContentType", array());
+ insert_with_markers($filename, "HttpHeadersExpires", array());
+ insert_with_markers($filename, "HttpHeadersTiming", array());
+ insert_with_markers($filename, "HttpHeadersAuth", array());
+ insert_with_markers($filename, "HttpHeadersCookieSecurity", array());
+}
+
+function 
http_headers_pre_update_option($value, $option, $old_value) {
+
+ if (in_array($option, array('hh_htaccess_path', 'hh_htdigest_path', 'hh_htpasswd_path', 'hh_user_ini_path', 'hh_method'))
+ && !is_super_admin())
+ {
+ return $old_value;
+ }
+
+ return $value;
+}
+
+register_activation_hook(__FILE__, 'http_headers_activate');
+register_deactivation_hook(__FILE__, 'http_headers_deactivate');
+add_action('wp_logout', 'http_headers_logout');
+
+if ( is_admin() ){ // admin actions
+ add_action('admin_menu', 'http_headers_admin_add_page');
+ add_action('admin_init', 'http_headers_admin');
+ add_filter('pre_update_option', 'http_headers_pre_update_option', 10, 3);
+ add_action('added_option', 'http_headers_option');
+ add_action('updated_option', 'http_headers_option');
+ add_action('admin_enqueue_scripts', 'http_headers_enqueue');
+ add_action('after_setup_theme', 'http_headers_after_setup_theme');
+ add_action('plugins_loaded', 'http_headers_text_domain');
+ add_action('wp_ajax_inspect', 'http_headers_ajax_inspect');
+} else {
+ // non-admin enqueues, actions, and filters
+ add_action('send_headers', 'http_headers');
+}
+
+function http_headers_admin_page() {
+ include 'views/index.php';
+}
\ No newline at end of file
diff --git a/wp-content/plugins/http-headers/index.php b/wp-content/plugins/http-headers/index.php
new file mode 100644
index 000000000..cf879a5e5
--- /dev/null
+++ b/wp-content/plugins/http-headers/index.php 
@@ -0,0 +1,2 @@ +\n" +"Language-Team: Dimitar Ivanov \n" + +#: views/includes/config.inc.php:2 +msgid "Off" +msgstr "Изкл." + +#: views/includes/config.inc.php:2 +msgid "On" +msgstr "Вкл." + +#: includes/config.inc.php:5 +msgid "Security" +msgstr "Сигурност" + +#: includes/config.inc.php:6 +msgid "Access control" +msgstr "Контрол на достъпа" + +#: includes/config.inc.php:7 +msgid "Authentication" +msgstr "Удостоверяване" + +#: includes/config.inc.php:8 +msgid "Compression" +msgstr "Компресия" + +#: includes/config.inc.php:10 +msgid "Caching" +msgstr "Кеширане" + +#: includes/config.inc.php:11 +msgid "Miscellaneous" +msgstr "Общи" + +#: includes/breadcrumbs.inc.php:2 +msgid "Dashboard" +msgstr "Табло" + +#: includes/breadcrumbs.inc.php:11 +msgid "Advanced settings" +msgstr "Разширени настройки" + +#: includes/breadcrumbs.inc.php:13 +msgid "Inspect headers" +msgstr "Проверка на хедърите" + +#: views/index.php:13 +msgid "Error!" +msgstr "Грешка!" + +#: views/index.php:16 +msgid "The following file was not found. Please make sure the file exists and has write permissions:" +msgstr "Следният файл не бе намерен. Моля уверете се, че файла съществува и има права за писане:" + +#: views/index.php:18 +msgid "Please make sure the following file has write permissions:" +msgstr "Моля уверете се, че следният файл има права за писане:" + +#: views/index.php:28 +msgid "Warning!" +msgstr "Внимание!" 
+ +#: views/index.php:40 +msgid "Quick links" +msgstr "Бързи връзки" + +#: views/index.php:41 +msgid "Getting started" +msgstr "Ръководство за начинаещи" + +#: views/index.php:43 +msgid "Manual setup" +msgstr "Ръчна настройка" + +#: views/dashboard.php:47 +msgid "Donate" +msgstr "Дари" + +#: views/dashboard.php:34 +msgid "Rate us" +msgstr "Оцени ни" + +#: views/dashboard.php:35 +msgid "Tell us what you think about this plugin" +msgstr "Кажете ни какво мислите за този плъгин" + +#: views/dashboard.php:35 +msgid "writing a review" +msgstr "като напишете ревю" + +#: views/dashboard.php:36 +msgid "Contribution" +msgstr "Принос" + +#: views/dashboard.php:37 +msgid "Help us to continue developing this plugin with a small donation." +msgstr "Помогнете ни да продължим да развиваме този плъгин с малко дарение." + +#: views/category.php:8 +msgid "Header" +msgstr "Хедър" + +#: views/category.php:9 +msgid "Value" +msgstr "Стойност" + +#: views/category.php:10 +msgid "Status" +msgstr "Статус" + +#: views/category.php:230 +msgid "Edit" +msgstr "Редактирай" + +#: views/category.php:223 +msgid "On" +msgstr "Вкл." + +#: views/category.php:223 +msgid "Off" +msgstr "Изкл." + +#: views/advanced.php:10 +msgid "Default mode" +msgstr "Режим по подразбиране" + +#: views/advanced.php:11 +msgid "Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method." +msgstr "Режима по подразбиране представлява технологията с която този плъгин изпраща хедърите. Използвайте PHP само ако никоя от останалите технологии не е налична." + +#: views/advanced.php:20 +msgid "Use PHP to send headers (deprecated)" +msgstr "PHP режим" + +#: views/advanced.php:21 +msgid "Use Apache (mod_headers) to send headers" +msgstr "Apache режим (препоръчва се)" + +#: views/advanced.php:209 +msgid "Only Super Admin users have access to this functionality." 
+msgstr "Само потребители с роля 'Супер Администратор' имат достъп до тази функционалност." + +#: views/access-control-allow-credentials.php:3 +msgid "The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true." +msgstr "Access-Control-Allow-Credentials хедъра посочва дали в отговор на заявка може да се съдържат идентификационни данни." + +#: views/access-control-allow-credentials.php:10 +msgid "Read more at" +msgstr "Прочети повече на" + +#: views/access-control-allow-credentials.php:11 +msgid "MDN Web Docs" +msgstr "MDN Web Docs" + +#: views/access-control-allow-headers.php:3 +msgid "The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request." +msgstr "Access-Control-Allow-Headers хедъра се връща от сървъра в отговор на preflight заявка и информира браузъра за HTTP хедърите които могат да се използват в действителната заявка." + +#: views/access-control-allow-methods.php:3 +msgid "The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request." +msgstr "Access-Control-Allow-Methods хедъра се връща от сървъра в отговор на preflight заявка и информира браузъра за HTTP методите които могат да се използват в действителната заявка." + +#: views/access-control-allow-origin.php:3 +msgid "The Access-Control-Allow-Origin header indicates whether a resource can be shared." +msgstr "Access-Control-Allow-Origin хедъра посочва дали един ресурс (например шрифт) може да се ползва от външни origins и кои са позволените такива." 
+ +#: views/access-control-allow-origin.php:65 +msgid "Add origin" +msgstr "Добави origin" + +#: views/access-control-expose-headers.php:3 +msgid "The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing." +msgstr "Access-Control-Expose-Headers хедъра носи информация за хедърите които браузърите биха могли да позволят достъп до тях." + +#: views/access-control-max-age.php:3 +msgid "The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached." +msgstr "Access-Control-Max-Age хедъра показва колко време резултатът от preflight искането може да бъде кеширан." + +#: views/age.php:3 +msgid "The Age header contains the time in seconds the object has been in a proxy cache." +msgstr "Age хедъра съдържа времето в секунди които обектът е бил в кеша на прокси сървъра. Приема само положителни цели числа и обикновено е близо до 0." + +#: views/age.php:21 +msgid "seconds" +msgstr "секунди" + +#: views/cache-control.php:3 +msgid "The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response." +msgstr "Cache-Control хедъра се използва за уточняване на директивите за механизмите на кеширане, както в исканията, така и в отговорите. Директивите за кеширането са еднопосочни, което означава, че дадена директива в искането не означава, че в отговора трябва да бъде върната същата директива." + +#: views/connection.php:3 +msgid "The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done." 
+msgstr "Connection хедъра контролира дали мрежовата връзка да остане отворена след завършване на текущата транзакция. Ако изпратената стойност е 'keep-alive', връзката е постоянна и не се затваря, което позволява да бъдат извършени последващите заявки към същия сървър." + +#: views/content-encoding.php:3 +msgid "Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs." +msgstr "Компресирането е важен начин за увеличаване на ефективността на един уеб сайт. За някои документи, намаляването на размера им до 70% понижава нуждата от по-висок капацитет на честотната лента." + +#: views/content-encoding.php:28 +msgid "Module" +msgstr "Модул" + +#: views/content-encoding.php:53 +msgid "By content type" +msgstr "По съдържание" + +#: views/content-encoding.php:98 +msgid "By extension" +msgstr "По разширение" + +#: views/content-security-policy.php:6 +msgid "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware." +msgstr "Content Security Policy (CSP) хедъра е допълнителен слой за сигурност, който помага за откриването и смекчаването на определени видове атаки, включително Cross Site Scripting (XSS) и атаки с инжектиране на данни. Тези атаки се използват за всичко, от кражбата на данни до site defacement (частична или пълна подмяна на сайта) или разпространението на злонамерен софтуер." + +#: views/content-security-policy.php:32 +msgid "Directive" +msgstr "Директива" + +#: views/content-security-policy.php:12 +msgid "for reporting-only purposes" +msgstr "генерира само отчет/доклад" + +#: views/content-type.php:8 +msgid "The Content-Type entity header is used to indicate the media type of the resource. 
In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff." +msgstr "Content-Type хедъра се използва за посочване на типа медия на ресурса. В отговорите на сървъра, Content-Type хедъра казва на клиента какъв всъщност е типа на върнатото съдържание. Браузърите ще направят MIME проврека в някои случаи и не е задължително да следват стойността на този хедър; за да се предотврати това поведение, хедъра X-Content-Type-Options може да бъде настроен с nosniff стойността." + +#: views/cookie-security.php:8 +msgid "A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol." +msgstr "Сигурните (Secure) 'бисквитки' се изпращат към сървъра само при криптирани заявки чрез HTTPS протокола." + +#: views/cookie-security.php:9 +msgid "To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server." +msgstr "За да се предотвратят атаки между сървъри (XSS), HttpOnly 'бисквитките' са недостъпни за JavaScript's Document.cookie API; те се изпращат само до сървъра." + +#: views/cookie-security.php:10 +msgid "SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks." +msgstr "SameSite не позволява на браузъра да изпраща 'бисквитката' заедно с cross-site заявки. Основната цел е да се намали рискът от изтичане на информация от различни източници. Също така осигурява известна защита срещу CSRF атаки." 
+ +#: views/cookie-security.php:45 +msgid "(PHP 7.3+ only)" +msgstr "(поддържа се само от PHP 7.3+)" + +#: views/cross-origin-resource-policy.php:8 +msgid "The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource." +msgstr "HTTP Cross-Origin-Resource-Policy хедъра изразява желание браузърът да блокира no-cors cross-origin/cross-site заявки за даден ресурс." + +#: views/cross-origin-embedder-policy.php:8 +msgid "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)." +msgstr "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)." + +#: views/cross-origin-opener-policy.php:8 +msgid "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents." +msgstr "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents." + +#: views/cross-origin-opener-policy.php:9 +msgid "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks." +msgstr "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks." 
+ +#: views/cross-origin-opener-policy.php:10 +msgid "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations." +msgstr "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations." + +#: views/custom-headers.php:3 +msgid "Common non-standard response fields:" +msgstr "Често срещани нестандартни хедъри:" + +#: views/custom-headers.php:73 +msgid "Add header" +msgstr "Добави хедър" + +#: views/custom-headers.php:66 +msgid "Delete" +msgstr "Изтрий" + +#: views/expect-ct.php:3 +msgid "Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs." +msgstr "Expect-CT е хедър, който позволява на сайтовете да се включат в отчитането и/или изпълнението на изискванията за прозрачност на сертификатите, което пречи на използването на невалидни сертификати за този сайт да останат незабелязани. Когато даден сайт активира заглавката Expect-CT, те искат Chrome да провери дали всеки сертификат за този сайт фигурира в обществени CT регистри." + +#: views/expires.php:3 +msgid "The Expires header contains the date/time after which the response is considered stale." +msgstr "Expires хедъра съдържа датата и времето след което отговорът се счита за остарял." 
+ +#: views/expires.php:4 +msgid "Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired." +msgstr "Невалидни дати, като стойноста 0, представляват дата в миналото и означават, че ресурсът вече е изтекъл." + +#: views/expires.php:5 +msgid "If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored." +msgstr "Ако в отговора има 'Cache-Control' хедър с една от директивите 'max-age' или 's-max-age', тогава Expires хедъра се игнорира." + +#: views/expires.php:6 +msgid "* Works only in Apache mode" +msgstr "* Работи само в режим Apache" + +#: views/feature-policy.php:8 +msgid "With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser's default behavior for certain features." +msgstr "С Feature Policy хедъра се присъединявате към набор от правила, които браузърът може да прилага по отношение на конкретни функции, използвани в сайта Ви. Тези правила ограничават какви API може да има достъп до сайта или да променя поведението му по подразбиране за определени функции." + +#: views/p3p.php:3 +msgid "The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users." +msgstr "P3P е протокол, позволяващ на уебсайтовете да декларират предназначението на информацията, която събират за уеб потребителите." + +#: views/pragma.php:3 +msgid "The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present." 
+msgstr "Pragma хедъра, част от HTTP/1.0 протокола, е специфичен за внедряване, който може да има различни ефекти по веригата на заявка-отговор. Използва се за обратна съвместимост с HTTP/1.0 кеширане, където Cache-Control хедъра, част от HTTP/1.1 протокола, все още не е налице." + +#: views/referrer-policy.php:3 +msgid "The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made." +msgstr "Referrer-Policy хедъра указва коя референтна информация, изпратена в Referer хедъра, трябва да бъде включена при направени заявки." + +#: views/nel.php:8 +msgid "Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers." +msgstr "Network Error Logging е механизъм, който може да бъде конфигуриран чрез NEL хедъра. Този експериментален хедър позволява на уебсайтовете и приложенията да се включат, за да получават отчети за неуспешни (и по желание успешни) мрежови заявки от поддържащи браузъри." + +#: views/report-to.php:3 +msgid "The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin." +msgstr "Report-To хедъра казва на потребителския агент (браузър) да съхранява крайните точки за отчитане за даден origin." + +#: views/report-to.php:110 +msgid "Add endpoint" +msgstr "Добави крайна точка" + +#: views/report-to.php:114 +msgid "Remove endpoint" +msgstr "Премахни крайна точка" + +#: views/report-to.php:126 +msgid "Remove group" +msgstr "Премахни група" + +#: views/report-to.php:171 +msgid "Add endpoint group" +msgstr "Добави група" + +#: views/strict-transport-security.php:3 +msgid "HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. 
This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings." +msgstr "HTTP Strict-Transport-Security (HSTS) налага сигурни (HTTP over SSL/TLS) връзки към сървъра. Това намалява въздействието на бъгове в уеб приложенията, изтичащи сесийни данни чрез 'бисквитки' и външни връзки и защитава срещу атаки от вида 'човек-в-средата' (Man-in-the-middle). HSTS също така забранява възможността потребителят да пренебрегва предупрежденията за преговори по SSL." + +#: views/timing-allow-origin.php:3 +msgid "The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources." +msgstr "Timing-Allow-Origin хедъра показва дали даден ресурс предоставя пълната информация за времето. SEO инструментите използват Resource Timing API, за да анализират скоростта и теглото на ресурсите на уеб страниците." + +#: views/vary.php:3 +msgid "The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm." +msgstr "Vary хедъра определя как да се сравняват хедърите на бъдещите заявки, за да се реши дали може да се използва кеширана заявка, а не да се поиска нова от сървъра. Той се използва от сървъра, за да посочи кои хедъри използва при избора на представяне на ресурс в алгоритъма за договаряне на съдържание." + +#: views/www-authenticate.php:3 +msgid "HTTP supports the use of several authentication mechanisms to control access to pages and other resources. 
These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header." +msgstr "HTTP поддържа няколко механизма за удостоверяване, за да контролира достъпа до страници и други ресурси. Всички тези механизми се основават на използването на 401 кода на състоянието и на WWW-Authenticate хедъра." + +#: views/www-authenticate.php:79 +msgid "Add user" +msgstr "Добави потребител" + +#: views/www-authenticate.php:43 +msgid "Username" +msgstr "Потребител" + +#: views/www-authenticate.php:44 +msgid "Password" +msgstr "Парола" + +#: views/x-content-type-options.php:3 +msgid "Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files." +msgstr "Предотвратява Internet Explorer и Google Chrome от MIME-sniffing на отговор извън обявения тип съдържание. Това важи и за Google Chrome, когато изтегляте разширения. Това намалява излагането на атаки за изтегляне и страници, показващи качено от потребителите съдържание, което чрез подходящо име може да бъде третирано от MSIE като изпълним или динамичен HTML файл." + +#: views/x-dns-prefetch-control.php:3 +msgid "The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth." 
+msgstr "X-DNS-Prefetch-Control хедъра контролира предварителното изтегляне на DNS - функция, чрез която браузърите проактивно преобразуват домейн име към IP адрес и на двете: линкове, които потребителят може да последва, както и URL адреси за елементите, посочени от документа, включително изображения, CSS, JavaScript и т.н." + +#: views/x-dns-prefetch-control.php:4 +msgid "This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link." +msgstr "Това предварително зареждане се извършва във фонов режим, така че DNS е вероятно да бъде resolved до момента, в който са необходими референтните елементи. Това намалява латентността, когато потребителят кликне върху връзка." + +#: views/x-download-options.php:3 +msgid "For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site's security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection." +msgstr "За уеб приложения, които трябва да обслужват ненадеждни HTML файлове, Microsoft IE въведе механизъм за предотвратяване на несигурното съдържание от компрометиране на сигурността на сайта ви. Когато X-Download-Options хедъра е налице със стойността noopen, потребителят е възпрепятстван да отваря директно файл за изтегляне; вместо това те трябва първо да запазят файла локално. Когато локално запазеният файл се отвори по-късно, той вече не се изпълнява в контекста за сигурност на вашия сайт, което помага да се предотврати инжектирането на скриптове." 
+ +#: views/x-frame-options.php:3 +msgid "This header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Use this to avoid clickjacking attacks." +msgstr "Този хедър може за се използва за индикация дали е позволено на браузъра да зарежда страница в <frame>, <iframe> или <object>. Използвайте този хедър за да избегнете clickjacking атаки." + +#: views/x-permitted-cross-domain-policies.php:3 +msgid "A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains." +msgstr "Файла полица за кръстосани домейни е XML документ, който предоставя на уеб клиент като Adobe Flash Player или Adobe Acrobat разрешение за обработка на данни между домейни." + +#: views/x-powered-by.php:3 +msgid "Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version." +msgstr "Определя технологията (например ASP.NET, PHP, JBoss, Express), поддържаща уеб приложението, т.е. скрипт езика. Препоръчително е да го премахнете или да предоставите подвеждаща информация, за да отклоните хакери, които биха могли да се насочат към определена технология/версия." + +#: views/x-robots-tag.php:8 +msgid 'The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <meta name="robots" content="...">.' +msgstr 'X-Robots-Tag HTTP хедъра се използва, за да покаже как да се индексира уеб страница в резултатите от публичната търсачка. Хедъра е ефективно еквивалентен на <meta name="robots" content="...">.' 
+ +#: views/x-robots-tag.php:11 +msgid "Google Search Central" +msgstr "Google Search Central" + +#: views/x-ua-compatible.php:3 +msgid "In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser." +msgstr "В някои случаи може да е необходимо да ограничите уеб страница до режим на документи, поддържан от по-стара версия на Windows Internet Explorer. X-UA-Compatible хедъра позволява на уеб страницата да се показва така, сякаш е била разглеждана от по-ранна версия на браузъра." + +#: views/x-xss-protection.php:3 +msgid "This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user." +msgstr "Този хедър активира вградения филтър за Cross-site scripting (XSS) в най-новите уеб браузъри. Обикновено това е активирано по подразбиране така, че ролята на този хедър е да активира отново филтъра за този конкретен уебсайт, ако е бил деактивиран от потребителя." + +#: views/inspect.php:19 +msgid "Use this tool to inspect the HTTP headers of your website or your competitor's website." +msgstr "Използвайте този инструмент, за да проверите HTTP хедърите на уебсайта си или уебсайта на вашия конкурент." 
+ +#: views/inspect.php:35 +msgid "Auth Type" +msgstr "Тип удостоверяване" + +#: views/inspect.php:52 +msgid "Inspect" +msgstr "Провери" + +#: views/ajax.php:123 +msgid "Category" +msgstr "Категория" + +#: views/ajax.php:118 +msgid "Missing headers" +msgstr "Липсващи хедъри" + +#: views/ajax.php:72 +msgid "Response headers" +msgstr "Хедъри в отговора" + +#: views/ajax.php:45 +msgid "HTTP status" +msgstr "HTTP статус" + +#: views/ajax.php:17 +msgid "URL malformed" +msgstr "Неправилен URL" + +#: http-headers.php:1110 +msgid "Settings" +msgstr "Настройки" \ No newline at end of file diff --git a/wp-content/plugins/http-headers/languages/http-headers.pot b/wp-content/plugins/http-headers/languages/http-headers.pot new file mode 100644 index 000000000..3d3d71bf8 --- /dev/null +++ b/wp-content/plugins/http-headers/languages/http-headers.pot 
@@ -0,0 +1,457 @@ +# Copyright (C) 2017 HTTP Headers +# This file is distributed under the same license as the HTTP Headers package. +msgid "" +msgstr "" +"Project-Id-Version: HTTP Headers\n" +"POT-Creation-Date: 2017-17-12 19:26:00+02:00\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"MIME-Version: 1.0\n" +"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/http-headers\n" +"PO-Revision-Date: 2017-17-12 19:26:00+02:00\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" + +#: views/includes/config.inc.php:2 +msgid "Off" +msgstr "" + +#: views/includes/config.inc.php:2 +msgid "On" +msgstr "" + +#: views/includes/config.inc.php:5 +msgid "Security" +msgstr "" + +#: views/includes/config.inc.php:6 +msgid "Access control" +msgstr "" + +#: views/includes/config.inc.php:7 +msgid "Authentication" +msgstr "" + +#: views/includes/config.inc.php:8 +msgid "Compression" +msgstr "" + +#: views/includes/config.inc.php:9 +msgid "Caching" +msgstr "" + +#: views/includes/config.inc.php:10 +msgid "Miscellaneous" +msgstr "" + +#: views/includes/breadcrumbs.inc.php:2 +msgid "Dashboard" +msgstr "" + +#: views/includes/breadcrumbs.inc.php:11 +msgid "Advanced settings" +msgstr "" + +#: views/includes/breadcrumbs.inc.php:13 +msgid "Inspect headers" +msgstr "" + +#: views/index.php:13 +msgid "Error!" +msgstr "" + +#: views/index.php:16 +msgid "The following file was not found. Please make sure the file exists and has write permissions:" +msgstr "" + +#: views/index.php:18 +msgid "Please make sure the following file has write permissions:" +msgstr "" + +#: views/index.php:28 +msgid "Warning!" 
+msgstr "" + +#: views/index.php:40 +msgid "Quick links" +msgstr "" + +#: views/index.php:41 +msgid "Getting started" +msgstr "" + +#: views/index.php:43 +msgid "Manual setup" +msgstr "" + +#: views/dashboard.php:47 +msgid "Donate" +msgstr "" + +#: views/dashboard.php:34 +msgid "Rate us" +msgstr "" + +#: views/dashboard.php:35 +msgid "Tell us what you think about this plugin" +msgstr "" + +#: views/dashboard.php:35 +msgid "writing a review" +msgstr "" + +#: views/dashboard.php:36 +msgid "Contribution" +msgstr "" + +#: views/dashboard.php:37 +msgid "Help us to continue developing this plugin with a small donation." +msgstr "" + +#: views/category.php:8 +msgid "Header" +msgstr "" + +#: views/category.php:9 +msgid "Value" +msgstr "" + +#: views/category.php:10 +msgid "Status" +msgstr "" + +#: views/category.php:230 +msgid "Edit" +msgstr "" + +#: views/category.php:223 +msgid "On" +msgstr "" + +#: views/category.php:223 +msgid "Off" +msgstr "" + +#: views/advanced.php:10 +msgid "Default mode" +msgstr "" + +#: views/advanced.php:11 +msgid "Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method." +msgstr "" + +#: views/advanced.php:20 +msgid "Use PHP to send headers (deprecated)" +msgstr "" + +#: views/advanced.php:21 +msgid "Use Apache (mod_headers) to send headers" +msgstr "" + +#: views/advanced.php:209 +msgid "Only Super Admin users have access to this functionality." +msgstr "" + +#: views/access-control-allow-credentials.php:3 +msgid "The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true." 
+msgstr "" + +#: views/access-control-allow-credentials.php:10 +msgid "Read more at" +msgstr "" + +#: views/access-control-allow-credentials.php:11 +msgid "MDN Web Docs" +msgstr "" + +#: views/access-control-allow-headers.php:3 +msgid "The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request." +msgstr "" + +#: views/access-control-allow-methods.php:3 +msgid "The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request." +msgstr "" + +#: views/access-control-allow-origin.php:3 +msgid "The Access-Control-Allow-Origin header indicates whether a resource can be shared." +msgstr "" + +#: views/access-control-allow-origin.php:65 +msgid "Add origin" +msgstr "" + +#: views/access-control-expose-headers.php:3 +msgid "The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing." +msgstr "" + +#: views/access-control-max-age.php:3 +msgid "The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached." +msgstr "" + +#: views/age.php:3 +msgid "The Age header contains the time in seconds the object has been in a proxy cache." +msgstr "" + +#: views/age.php:21 +msgid "seconds" +msgstr "" + +#: views/cache-control.php:3 +msgid "The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response." +msgstr "" + +#: views/connection.php:3 +msgid "The Connection general header controls whether or not the network connection stays open after the current transaction finishes. 
If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done." +msgstr "" + +#: views/content-encoding.php:3 +msgid "Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs." +msgstr "" + +#: views/content-encoding.php:28 +msgid "Module" +msgstr "" + +#: views/content-encoding.php:53 +msgid "By content type" +msgstr "" + +#: views/content-encoding.php:98 +msgid "By extension" +msgstr "" + +#: views/content-security-policy.php:6 +msgid "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware." +msgstr "" + +#: views/content-security-policy.php:32 +msgid "Directive" +msgstr "" + +#: views/content-security-policy.php:12 +msgid "for reporting-only purposes" +msgstr "" + +#: views/content-type.php:8 +msgid "The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff." +msgstr "" + +#: views/cookie-security.php:8 +msgid "A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol." +msgstr "" + +#: views/cookie-security.php:9 +msgid "To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server." +msgstr "" + +#: views/cookie-security.php:10 +msgid "SameSite prevents the browser from sending this cookie along with cross-site requests. 
The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks." +msgstr "" + +#: views/cookie-security.php:45 +msgid "(PHP 7.3+ only)" +msgstr "" + +#: views/cross-origin-resource-policy.php:8 +msgid "The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource." +msgstr "" + +#: views/cross-origin-embedder-policy.php:8 +msgid "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)." +msgstr "" + +#: views/cross-origin-opener-policy.php:8 +msgid "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents." +msgstr "" + +#: views/cross-origin-opener-policy.php:9 +msgid "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks." +msgstr "" + +#: views/cross-origin-opener-policy.php:10 +msgid "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations." 
+msgstr "" + +#: views/custom-headers.php:3 +msgid "Common non-standard response fields:" +msgstr "" + +#: views/custom-headers.php:73 +msgid "Add header" +msgstr "" + +#: views/custom-headers.php:66 +msgid "Delete" +msgstr "" + +#: views/expect-ct.php:3 +msgid "Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs." +msgstr "" + +#: views/expires.php:3 +msgid "The Expires header contains the date/time after which the response is considered stale." +msgstr "" + +#: views/expires.php:4 +msgid "Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired." +msgstr "" + +#: views/expires.php:5 +msgid "If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored." +msgstr "" + +#: views/expires.php:6 +msgid "* Works only in Apache mode" +msgstr "" + +#: views/feature-policy.php:8 +msgid "With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser's default behavior for certain features." +msgstr "" + +#: views/p3p.php:3 +msgid "The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users." +msgstr "" + +#: views/pragma.php:3 +msgid "The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present." 
+msgstr "" + +#: views/referrer-policy.php:3 +msgid "The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made." +msgstr "" + +#: views/nel.php:8 +msgid "Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers." +msgstr "" + +#: views/report-to.php:3 +msgid "The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin." +msgstr "" + +#: views/report-to.php:110 +msgid "Add endpoint" +msgstr "" + +#: views/report-to.php:114 +msgid "Remove endpoint" +msgstr "" + +#: views/report-to.php:126 +msgid "Remove group" +msgstr "" + +#: views/report-to.php:171 +msgid "Add endpoint group" +msgstr "" + +#: views/strict-transport-security.php:3 +msgid "HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings." +msgstr "" + +#: views/timing-allow-origin.php:3 +msgid "The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources." +msgstr "" + +#: views/vary.php:3 +msgid "The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm." 
+msgstr "" + +#: views/www-authenticate.php:3 +msgid "HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header." +msgstr "" + +#: views/www-authenticate.php:79 +msgid "Add user" +msgstr "" + +#: views/www-authenticate.php:43 +msgid "Username" +msgstr "" + +#: views/www-authenticate.php:44 +msgid "Password" +msgstr "" + +#: views/x-content-type-options.php:3 +msgid "Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files." +msgstr "" + +#: views/x-dns-prefetch-control.php:3 +msgid "The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth." +msgstr "" + +#: views/x-dns-prefetch-control.php:4 +msgid "This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link." +msgstr "" + +#: views/x-download-options.php:3 +msgid "For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site’s security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. 
When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection." +msgstr "" + +#: views/x-frame-options.php:3 +msgid "This header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Use this to avoid clickjacking attacks." +msgstr "" + +#: views/x-permitted-cross-domain-policies.php:3 +msgid "A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains." +msgstr "" + +#: views/x-powered-by.php:3 +msgid "Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version." +msgstr "" + +#: views/x-robots-tag.php:8 +msgid 'The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <meta name="robots" content="...">.' +msgstr "" + +#: views/x-robots-tag.php:11 +msgid "Google Search Central" +msgstr "" + +#: views/x-ua-compatible.php:3 +msgid "In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser." +msgstr "" + +#: views/x-xss-protection.php:3 +msgid "This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user." 
+msgstr "" + +#: views/inspect.php:19 +msgid "Use this tool to inspect the HTTP headers of your website or your competitor's website." +msgstr "" + +#: views/inspect.php:35 +msgid "Auth Type" +msgstr "" + +#: views/inspect.php:52 +msgid "Inspect" +msgstr "" + +#: views/ajax.php:123 +msgid "Category" +msgstr "" + +#: views/inspect.php:52 +msgid "Inspect" +msgstr "" + +#: views/ajax.php:118 +msgid "Missing headers" +msgstr "" + +#: views/ajax.php:72 +msgid "Response headers" +msgstr "" + +#: views/ajax.php:45 +msgid "HTTP Status" +msgstr "" + +#: views/ajax.php:17 +msgid "URL malformed" +msgstr "" + +#: http-headers.php:1110 +msgid "Settings" +msgstr "" \ No newline at end of file diff --git a/wp-content/plugins/http-headers/uninstall.php b/wp-content/plugins/http-headers/uninstall.php new file mode 100644 index 000000000..77b799919 --- /dev/null +++ b/wp-content/plugins/http-headers/uninstall.php @@ -0,0 +1,12 @@ + + + Access-Control-Allow-Credentials +

+
+

+ +

+ + +
+ Access-Control-Allow-Credentials + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/access-control-allow-headers.php b/wp-content/plugins/http-headers/views/access-control-allow-headers.php new file mode 100644 index 000000000..2eca6a9ca --- /dev/null +++ b/wp-content/plugins/http-headers/views/access-control-allow-headers.php @@ -0,0 +1,79 @@ + + + Access-Control-Allow-Headers +

+
+

+ +

+ + +
+ Access-Control-Allow-Credentials + $v) + { + ?>

+
+ + + + + + +
+ + + + + + + + + + +
/> + + +
+ +
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/access-control-allow-methods.php b/wp-content/plugins/http-headers/views/access-control-allow-methods.php new file mode 100644 index 000000000..010a3def2 --- /dev/null +++ b/wp-content/plugins/http-headers/views/access-control-allow-methods.php @@ -0,0 +1,42 @@ + + + Access-Control-Allow-Methods +
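Review bot: The second header name printed in this view reads `Access-Control-Allow-Credentials`, although the file is views/access-control-allow-headers.php and its first cell says `Access-Control-Allow-Headers`. The sibling views for Allow-Methods, Allow-Origin and Expose-Headers each repeat their own header name in that position, so this looks like a copy-paste leftover from the credentials view. The surrounding markup is not visible in this rendering, so the string is presumably a legend or screen-reader label. It should read `Access-Control-Allow-Headers`, so that an administrator changing which request headers CORS accepts is not told they are editing the credentials setting.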

+
+

+ +

+ + +
+ Access-Control-Allow-Methods + $v) + { + ?>

+
+ + + + +

+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/access-control-allow-origin.php b/wp-content/plugins/http-headers/views/access-control-allow-origin.php new file mode 100644 index 000000000..2171c0d31 --- /dev/null +++ b/wp-content/plugins/http-headers/views/access-control-allow-origin.php @@ -0,0 +1,83 @@ + + + Access-Control-Allow-Origin +

+
+

+ +

+ + +
+ Access-Control-Allow-Origin + $v) + { + ?>

+
+ + + + + + + + + + + + $url) + { + if ($i == 0) + { + continue; + } + ?> + + + + + + + + + + + +
+ + + /> +  
  />
  
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/access-control-expose-headers.php b/wp-content/plugins/http-headers/views/access-control-expose-headers.php new file mode 100644 index 000000000..7de1c2e35 --- /dev/null +++ b/wp-content/plugins/http-headers/views/access-control-expose-headers.php @@ -0,0 +1,78 @@ + + + Access-Control-Expose-Headers +

+
+

+ +

+ + +
+ Access-Control-Expose-Headers + $v) + { + ?>

+
+ + + + + + + + + +
+ + + + + + + + + + +
/>
+ +
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/access-control-max-age.php b/wp-content/plugins/http-headers/views/access-control-max-age.php new file mode 100644 index 000000000..210c75d2f --- /dev/null +++ b/wp-content/plugins/http-headers/views/access-control-max-age.php @@ -0,0 +1,32 @@ + + + Access-Control-Max-Age +

+
+

+ +

+ + +
+ Access-Control-Max-Age + $v) + { + ?>

+
+ + + + + > + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/advanced.php b/wp-content/plugins/http-headers/views/advanced.php new file mode 100644 index 000000000..78592acfd --- /dev/null +++ b/wp-content/plugins/http-headers/views/advanced.php @@ -0,0 +1,151 @@ + +
+

+

+
+ +
+ + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
DirectiveValue
PHP version
Server Software
Server API
user_ini.filename
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Location of .htaccess
Location of .user.ini
Location of .hh-htpasswd
Location of .hh-htdigest
+
+
+ +
+ + + + + + + + +
+

+
  +
+ __('Use PHP to send headers (deprecated)', 'http-headers'), + 'htaccess' => __('Use Apache (mod_headers) to send headers', 'http-headers'), + ); + $method = get_option('hh_method'); + foreach ($items as $key => $val) { + if ($is_super_admin) { + ?>

+
+
+ +
+
\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/age.php b/wp-content/plugins/http-headers/views/age.php new file mode 100644 index 000000000..83187b29a --- /dev/null +++ b/wp-content/plugins/http-headers/views/age.php @@ -0,0 +1,32 @@ + + + Age +

+
+

+ +

+ + +
+ Age + $v) + { + ?>

+
+ + + + + > + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/ajax-inspect.php b/wp-content/plugins/http-headers/views/ajax-inspect.php new file mode 100644 index 000000000..45048b58d --- /dev/null +++ b/wp-content/plugins/http-headers/views/ajax-inspect.php @@ -0,0 +1,133 @@ + +
+

+
+ sprintf('Basic %s', base64_encode($_POST['username'] .':'. $_POST['password'])) + ); +} + +$response = wp_safe_remote_head($_POST['url'], $args); +$status = wp_remote_retrieve_response_code($response); +$dictionary = wp_remote_retrieve_headers($response); +$responseHeaders = $dictionary ? $dictionary->getAll() : array(); + +if ($status !== 200) +{ + ?> +
+

:

+

+
+ +
+

+ + + + + + + + + $v) + { + $k = strtolower($k); + $found = in_array($k, $reportOnly); + $v = is_array($v) ? join(", ", $v) : $v; + ?> + > + + + + + +
+
+ $v) +{ + if (!array_key_exists($k, $responseHeaders) + && !in_array($k, $exclude) + && !(in_array($k, $special) && array_key_exists($k . '-report-only', $responseHeaders) )) + { + $missing[$k] = isset($categories[$v[2]]) ? $categories[$v[2]] : 'Other'; + } +} + +if (!empty($missing)) +{ + asort($missing); + ?> +
+

+ + + + + + + + + $v) + { + ?> + + + + + + +
+
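Review bot: `$_POST['url']`, `$_POST['username']` and `$_POST['password']` are used exactly as received, and WordPress adds slashes to `$_POST`, so credentials containing quotes or backslashes are base64-encoded in their slashed form and the URL is never normalised. Reading each value through `wp_unslash()` first, e.g. `$url = esc_url_raw( wp_unslash( $_POST['url'] ) );`, before the `wp_safe_remote_head()` call would fix this. Keep `wp_safe_remote_head()` itself, since it rejects unsafe destinations. The top of this view and the markup that prints `$k` and `$v` are not legible on this page, so confirm that a nonce and capability check guard the request. Also confirm that the remote header names and values go through `esc_html()` when rendered, because they are supplied by the inspected server.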
+ + + Cache-Control +

+
+

+ +

+ + +
+ Cache-Control + $v) + { + ?>

+
+ + + + + 'bool', + 'no-cache' => 'bool', + 'no-store' => 'bool', + 'no-transform' => 'bool', + 'public' => 'bool', + 'private' => 'bool', + 'proxy-revalidate' => 'bool', + 'max-age' => 'int', + 's-maxage' => 'int', + 'immutable' => 'bool', + 'stale-while-revalidate' => 'int', + 'stale-if-error' => 'int', + ); + ?> + + $type) + { + ?> + + + + + +
> +
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/category.php b/wp-content/plugins/http-headers/views/category.php new file mode 100644 index 000000000..dc5ac1972 --- /dev/null +++ b/wp-content/plugins/http-headers/views/category.php 
@@ -0,0 +1,246 @@ + + + + + + + + + + + + $item) + { + if ($_GET['category'] != $item[2]) + { + continue; + } + + $key = $item[1]; + + $option = get_option($key, 0); + $isOn = (int) $option === 1; + $value = NULL; + if ($isOn) + { + $value = get_option($key .'_value'); + if (is_string($value)) + { + $value = esc_html($value); + } + switch ($key) + { + case 'hh_age': + $value = (int) $value; + break; + case 'hh_p3p': + if (!empty($value)) + { + $value = sprintf('CP="%s"', join(' ', array_keys($value))); + } + break; + case 'hh_x_xxs_protection': + if ($value == '1; report=') { + $value .= esc_html(get_option('hh_x_xxs_protection_uri')); + } + break; + case 'hh_x_powered_by': + if (get_option('hh_x_powered_by_option') == 'unset') { + $value = '[Unset]'; + } + break; + case 'hh_x_frame_options': + $value = strtoupper($value); + if ($value == 'ALLOW-FROM') + { + $value .= ' ' . esc_html(get_option('hh_x_frame_options_domain')); + } + break; + case 'hh_strict_transport_security': + $tmp = array(); + $hh_strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age'); + if ($hh_strict_transport_security_max_age !== false) + { + $tmp[] = sprintf('max-age=%u', $hh_strict_transport_security_max_age); + if (get_option('hh_strict_transport_security_sub_domains')) + { + $tmp[] = 'includeSubDomains'; + } + if (get_option('hh_strict_transport_security_preload')) + { + $tmp[] = 'preload'; + } + } else { + $tmp = array(get_option('hh_strict_transport_security_value')); + } + if (!empty($tmp)) + { + $value = join('; ', $tmp); + } + break; + case 'hh_timing_allow_origin': + if ($value == 'origin') + { + $value = esc_html(get_option('hh_timing_allow_origin_url')); + } + break; + case 'hh_access_control_allow_origin': + if ($value == 'origin') + { + $value = join('
', array_map('esc_html', get_option('hh_access_control_allow_origin_url', array()))); + } + break; + case 'hh_access_control_expose_headers': + case 'hh_access_control_allow_headers': + case 'hh_access_control_allow_methods': + $value = join(', ', array_keys($value)); + break; + case 'hh_content_security_policy': + $value = build_csp_value($value, true); + if (get_option('hh_content_security_policy_report_only')) { + $item[0] .= '-Report-Only'; + } + break; + case 'hh_content_encoding': + $value = !$value ? null : join(', ', array_keys($value)); + + $ext = get_option('hh_content_encoding_ext'); + if (!empty($ext)) { + $ext = join(', ', array_keys($ext)); + $value .= (!empty($value) ? '
' : null) . $ext; + } + $module = get_option('hh_content_encoding_module'); + switch ($module) { + case 'brotli_deflate': + $enc = 'br, gzip'; + break; + case 'brotli': + $enc = 'br'; + break; + case 'deflate': + default: + $enc = 'gzip'; + break; + } + + $value = !empty($value) ? sprintf('%s (%s)', $enc, $value) : $enc; + break; + case 'hh_vary': + $value = !$value ? null : join(', ', array_keys($value)); + break; + case 'hh_www_authenticate': + $value = esc_html(get_option('hh_www_authenticate_type')); + break; + case 'hh_cache_control': + $tmp = array(); + foreach ($value as $k => $v) { + if (in_array($k, array('max-age', 's-maxage', 'stale-while-revalidate', 'stale-if-error'))) { + if (strlen($v) > 0) { + $tmp[] = sprintf("%s=%u", $k, $v); + } + } else { + $tmp[] = $k; + } + } + $value = join(', ', $tmp); + break; + case 'hh_expires': + $tmp = array(); + $types = get_option('hh_expires_type', array()); + foreach ($types as $type => $whatever) { + list($base, $period, $suffix) = explode('_', $value[$type]); + if (in_array($base, array('access', 'modification'))) { + $tmp[] = $type != 'default' + ? sprintf('%s = "%s plus %u %s"', $type, $base, $period, $suffix) + : sprintf('default = "%s plus %u %s"', $base, $period, $suffix); + } elseif ($base == 'invalid') { + $tmp[] = $type != 'default' + ? sprintf('%s = A0', $type) + : sprintf('default = A0'); + } + } + $value = join('
', $tmp); + break; + case 'hh_cookie_security': + if (is_array($value)) { + if (isset($value['SameSite']) && !is_samesite_supported()) { + unset($value['SameSite']); + } + } + $value = is_array($value) && !empty($value) + ? '✔ ' . join(' ✔ ', array_keys($value)) + : NULL; + break; + case 'hh_expect_ct': + $tmp = array(); + $tmp[] = sprintf('max-age=%u', get_option('hh_expect_ct_max_age')); + if (get_option('hh_expect_ct_enforce') == 1) { + $tmp[] = 'enforce'; + } + $tmp[] = sprintf('report-uri="%s"', esc_html(get_option('hh_expect_ct_report_uri'))); + $value = join(', ', $tmp); + break; + case 'hh_custom_headers': + $_names = array($item[0]); + $_values = array(' '); + foreach ($value['name'] as $key => $name) + { + if (!empty($name) && !empty($value['value'][$key])) + { + $_names[] = '

    '.$name.'

'; + $_values[] = '

'.esc_html($value['value'][$key]).'

'; + } + } + $item[0] = join('', $_names); + $value = join('', $_values); + break; + case 'hh_report_to': + $value = esc_html(get_http_header('report_to')); + break; + case 'hh_nel': + $value = esc_html(get_http_header('nel')); + break; + case 'hh_feature_policy': + $value = esc_html(get_http_header('feature_policy')); + break; + case 'hh_permissions_policy': + $value = esc_html(get_http_header('permissions_policy')); + break; + case 'hh_x_robots_tag': + $value = esc_html(get_http_header('x_robots_tag')); + break; + case 'hh_clear_site_data': + $value = '"' . join('", "', array_keys($value)) . '"'; + break; + case 'hh_content_type': + $tmp = array(); + foreach ($value as $key => $val) { + $tmp[] = sprintf(".%s => %s", $key, $val); + } + $value = join("
", $tmp); + break; + default: + $value = !is_array($value) ? $value : join(', ', $value); + } + } + $status = $isOn ? __('On', 'http-headers') : __('Off', 'http-headers'); + ?> + > + + + + + + + +
\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/clear-site-data.php b/wp-content/plugins/http-headers/views/clear-site-data.php new file mode 100644 index 000000000..ddf8f756c --- /dev/null +++ b/wp-content/plugins/http-headers/views/clear-site-data.php @@ -0,0 +1,65 @@ + + + Clear-Site-Data +
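Review bot: In the `hh_custom_headers` case the header name is concatenated into `$_names[]` as `'.$name.'` without escaping, while the matching entry in `$_values[]` goes through `esc_html()`. Both come from the same stored option, so the name should be written as `esc_html($name)`. The `hh_content_type` case (`sprintf(".%s => %s", $key, $val)`) and the `$type` and `$suffix` parts in `hh_expires` build their display strings from option data in the same unescaped way. The markup that finally prints `$item[0]` and `$value` is not legible on this page, so check there that nothing is escaped a second time. Separately, `$_GET['category']` is read without an `isset()` guard and compared with `!=`; `!==` against a sanitised value would be stricter.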

+
+

+ +

+ + +
+ Clear-Site-Data + $v) + { + ?>

+
+ + + + + 'bool', + 'clientHints' => 'bool', + 'cookies' => 'bool', + 'storage' => 'bool', + 'executionContexts' => 'bool', + '*' => 'bool', + ); + ?> + + $type) + { + ?> + + + + + +
> +
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/connection.php b/wp-content/plugins/http-headers/views/connection.php new file mode 100644 index 000000000..d41d5648c --- /dev/null +++ b/wp-content/plugins/http-headers/views/connection.php @@ -0,0 +1,39 @@ + + + Connection +

+
+

+ +

+ + +
+ Connection + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/content-encoding.php b/wp-content/plugins/http-headers/views/content-encoding.php new file mode 100644 index 000000000..6865bbbfc --- /dev/null +++ b/wp-content/plugins/http-headers/views/content-encoding.php @@ -0,0 +1,122 @@ + + + Content-Encoding +

+
+

+ +

+ + +
+ Content-Encoding + $v) + { + ?>

+
+ + + + + + + + + + + + + + + + + $item) { + if ($i > 0 && $i % 2 === 0) { + ?> + + + + + + + $item) { + if ($i > 0 && $i % 2 === 0) { + ?> + + +
+ + + + + + + + +
+ + + + + +
+
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/content-security-policy.php b/wp-content/plugins/http-headers/views/content-security-policy.php new file mode 100644 index 000000000..22f601349 --- /dev/null +++ b/wp-content/plugins/http-headers/views/content-security-policy.php @@ -0,0 +1,119 @@ + + + Content Security Policy +

+ +

+ +

+
+

Useful tools:

+

+ SRI Hash Generator + - generates subresource integrity hashes using a cryptographic algorithm. +

+

+ CSP Hash Generator + - generates CSP hashes to use in script-src and style-src directives. +

+
+

+ +

+ + +
+ Content-Security-Policy + $v) + { + ?>

+
+ + + + + + + + + + + + + + + + + +
+ +
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/content-type.php b/wp-content/plugins/http-headers/views/content-type.php new file mode 100644 index 000000000..a1419b575 --- /dev/null +++ b/wp-content/plugins/http-headers/views/content-type.php @@ -0,0 +1,72 @@ + + + Content-Type +

+
+

+ +

+ + +
+ Content-Type + $v) + { + ?>

+
+ + + + + 'application/vnd.ms-fontobject', + 'otf' => 'application/x-font-opentype', + 'svg' => 'image/svg+xml', + 'ttf' => 'application/x-font-ttf', + 'woff' => 'application/font-woff', + 'woff2' => 'application/font-woff2', + 'jsonp' => 'application/javascript', + ); + ?> + + + + + + + + $media_type) + { + ?> + + + + + + + +
+ >.
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/cookie-security.php b/wp-content/plugins/http-headers/views/cookie-security.php new file mode 100644 index 000000000..a3ef596a4 --- /dev/null +++ b/wp-content/plugins/http-headers/views/cookie-security.php @@ -0,0 +1,63 @@ + + + Cookie security +

+

+

+
+

+ +

+ + +
+ Cookie security + $v) + { + ?>

+
+ + + + + +

+ +

+ +

+ +

+ + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/cross-origin-embedder-policy.php b/wp-content/plugins/http-headers/views/cross-origin-embedder-policy.php new file mode 100644 index 000000000..39ebe4794 --- /dev/null +++ b/wp-content/plugins/http-headers/views/cross-origin-embedder-policy.php @@ -0,0 +1,39 @@ + + + Cross-Origin-Embedder-Policy +

+
+

+ +

+ + +
+ Cross-Origin-Embedder-Policy + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/cross-origin-opener-policy.php b/wp-content/plugins/http-headers/views/cross-origin-opener-policy.php new file mode 100644 index 000000000..757ba579e --- /dev/null +++ b/wp-content/plugins/http-headers/views/cross-origin-opener-policy.php @@ -0,0 +1,41 @@ + + + Cross-Origin-Opener-Policy +

+

+

+
+

+ +

+ + +
+ Cross-Origin-Opener-Policy + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/cross-origin-resource-policy.php b/wp-content/plugins/http-headers/views/cross-origin-resource-policy.php new file mode 100644 index 000000000..e8e81eaa6 --- /dev/null +++ b/wp-content/plugins/http-headers/views/cross-origin-resource-policy.php @@ -0,0 +1,39 @@ + + + Cross-Origin-Resource-Policy +

+
+

+ +

+ + +
+ Cross-Origin-Resource-Policy + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/custom-headers.php b/wp-content/plugins/http-headers/views/custom-headers.php new file mode 100644 index 000000000..c18962922 --- /dev/null +++ b/wp-content/plugins/http-headers/views/custom-headers.php @@ -0,0 +1,82 @@ + + + Custom headers +

+
X-Pingback +
X-Cache +
X-Edge-Location +
X-HTTP-Method-Override +
X-Csrf-Token +
X-Request-ID +
X-Correlation-ID +
X-Content-Duration +

+ + +
+ Custom headers + $v) + { + ?>

+
+ + + + + + + + + + + + + + + + + + + + + $name) + { + if (empty($name) || empty($custom_headers_value['value'][$key])) + { + continue; + } + ?> + + + + + + + + + + +
>>
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/dashboard.php b/wp-content/plugins/http-headers/views/dashboard.php new file mode 100644 index 000000000..4af4da810 --- /dev/null +++ b/wp-content/plugins/http-headers/views/dashboard.php @@ -0,0 +1,59 @@ + +
+
+ 0, 'on' => 0); + } + $tmp[$item[2]]['total'] += 1; + if (get_option($item[1]) == 1) + { + $tmp[$item[2]]['on'] += 1; + } + } + foreach ($categories as $key => $val) + { + ?> + + + + + +
+ +
+
+

+

.

+

+

+
+ + + + + + + + $ + +
+
+
+
\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/expect-ct.php b/wp-content/plugins/http-headers/views/expect-ct.php new file mode 100644 index 000000000..35a16fc2e --- /dev/null +++ b/wp-content/plugins/http-headers/views/expect-ct.php @@ -0,0 +1,52 @@ + + + Expect-CT +

+
+

+ +

+ + +
+ Expect-CT + $v) + { + ?>

+
+ + + + + + + + + + + + + + + + + +
max-age:
report-uri: />
enforce: />
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/expires.php b/wp-content/plugins/http-headers/views/expires.php new file mode 100644 index 000000000..82029b97e --- /dev/null +++ b/wp-content/plugins/http-headers/views/expires.php @@ -0,0 +1,104 @@ + + + Expires +

+

+

+

+ +
+

+ +

+ + +
+ Expires + $v) + { + ?>

+
+ + + + + + '0 (invalid date)', + 'access_1_hour' => 'Access +1 hour', + 'access_6_hours' => 'Access +6 hours', + 'access_12_hours' => 'Access +12 hours', + 'access_1_day' => 'Access +1 day', + 'access_3_days' => 'Access +3 days', + 'access_1_week' => 'Access +1 week', + 'access_2_weeks' => 'Access +2 weeks', + 'access_1_month' => 'Access +1 month', + 'access_3_months' => 'Access +3 months', + 'access_6_months' => 'Access +6 months', + 'access_1_year' => 'Access +1 year', + 'modification_1_hour' => 'Modification +1 hour', + 'modification_6_hours' => 'Modification +6 hours', + 'modification_12_hours' => 'Modification +12 hours', + 'modification_1_day' => 'Modification +1 day', + 'modification_3_days' => 'Modification +3 days', + 'modification_1_week' => 'Modification +1 week', + 'modification_2_weeks' => 'Modification +2 weeks', + 'modification_1_month' => 'Modification +1 month', + 'modification_3_months' => 'Modification +3 months', + 'modification_6_months' => 'Modification +6 months', + 'modification_1_year' => 'Modification +1 year', + ); + $expires_value = get_option('hh_expires_value'); + $expires_type = get_option('hh_expires_type'); + if (!$expires_value) + { + $expires_value = array(); + } + if (!$expires_type) + { + $expires_type = array(); + } + foreach ($types as $type) { + ?> + + + + + + +
> + +
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/feature-policy.php b/wp-content/plugins/http-headers/views/feature-policy.php new file mode 100644 index 000000000..ec00703cd --- /dev/null +++ b/wp-content/plugins/http-headers/views/feature-policy.php @@ -0,0 +1,106 @@ + + + Feature-Policy +

+
+

+ +

+ + +
+ Feature-Policy + $v) + { + ?>

+
+ + + + + + + + + + + + + + +
> + + + class="http-header-value"> +
+ + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/header.php b/wp-content/plugins/http-headers/views/header.php new file mode 100644 index 000000000..30bc39b26 --- /dev/null +++ b/wp-content/plugins/http-headers/views/header.php @@ -0,0 +1,24 @@ + + +
+
+ + + + +
+ +
+
\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/includes/breadcrumbs.inc.php b/wp-content/plugins/http-headers/views/includes/breadcrumbs.inc.php new file mode 100644 index 000000000..94d4ab698 --- /dev/null +++ b/wp-content/plugins/http-headers/views/includes/breadcrumbs.inc.php @@ -0,0 +1,26 @@ + +
    +
  • +
  • +
\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/includes/config.inc.php b/wp-content/plugins/http-headers/views/includes/config.inc.php new file mode 100644 index 000000000..0cdafc912 --- /dev/null +++ b/wp-content/plugins/http-headers/views/includes/config.inc.php 
@@ -0,0 +1,128 @@ + __('Off', 'http-headers'), + 1 => __('On', 'http-headers'), +); + +$categories = array( + 'security' => __('Security', 'http-headers'), + 'access-control' => __('Access control', 'http-headers'), + 'authentication' => __('Authentication', 'http-headers'), + 'compression' => __('Compression', 'http-headers'), + 'caching' => __('Caching', 'http-headers'), + 'misc' => __('Miscellaneous', 'http-headers'), +); + +$headers = array( + 'x-frame-options' => array('X-Frame-Options', 'hh_x_frame_options', 'security'), + 'x-xss-protection' => array('X-XSS-Protection', 'hh_x_xxs_protection', 'security'), + 'x-content-type-options' => array('X-Content-Type-Options', 'hh_x_content_type_options', 'security'), + 'x-ua-compatible' => array('X-UA-Compatible', 'hh_x_ua_compatible', 'misc'), + 'strict-transport-security' => array('Strict-Transport-Security', 'hh_strict_transport_security', 'security'), + 'p3p' => array('P3P', 'hh_p3p', 'access-control'), + 'referrer-policy' => array('Referrer-Policy', 'hh_referrer_policy', 'security'), + 'content-security-policy' => array('Content-Security-Policy', 'hh_content_security_policy', 'security'), + 'access-control-allow-origin' => array('Access-Control-Allow-Origin', 'hh_access_control_allow_origin', 'access-control'), + 'access-control-allow-credentials' => array('Access-Control-Allow-Credentials', 'hh_access_control_allow_credentials', 'access-control'), + 'access-control-max-age' => array('Access-Control-Max-Age', 'hh_access_control_max_age', 'access-control'), + 'access-control-allow-methods' => array('Access-Control-Allow-Methods', 'hh_access_control_allow_methods', 'access-control'), + 'access-control-allow-headers' => array('Access-Control-Allow-Headers', 'hh_access_control_allow_headers', 'access-control'), + 'access-control-expose-headers' => array('Access-Control-Expose-Headers', 'hh_access_control_expose_headers', 'access-control'), + 'content-encoding' => array('Content-Encoding', 'hh_content_encoding', 
'compression'), + 'vary' => array('Vary', 'hh_vary', 'compression'), + 'x-powered-by' => array('X-Powered-By', 'hh_x_powered_by', 'misc'), + 'www-authenticate' => array('WWW-Authenticate', 'hh_www_authenticate', 'authentication'), + 'cache-control' => array('Cache-Control', 'hh_cache_control', 'caching'), + 'expires' => array('Expires', 'hh_expires', 'caching'), + 'pragma' => array('Pragma', 'hh_pragma', 'caching'), + 'age' => array('Age', 'hh_age', 'caching'), + 'connection' => array('Connection', 'hh_connection', 'misc'), + 'cookie-security' => array('Cookie security', 'hh_cookie_security', 'security'), + 'expect-ct' => array('Expect-CT', 'hh_expect_ct', 'security'), + 'timing-allow-origin' => array('Timing-Allow-Origin', 'hh_timing_allow_origin', 'access-control'), + 'custom-headers' => array('Custom headers', 'hh_custom_headers', 'misc'), + 'x-dns-prefetch-control' => array('X-DNS-Prefetch-Control', 'hh_x_dns_prefetch_control', 'security'), + 'x-download-options' => array('X-Download-Options', 'hh_x_download_options', 'security'), + 'x-permitted-cross-domain-policies' => array('X-Permitted-Cross-Domain-Policies', 'hh_x_permitted_cross_domain_policies', 'security'), + 'report-to' => array('Report-To', 'hh_report_to', 'security'), + 'feature-policy' => array('Feature-Policy', 'hh_feature_policy', 'security'), + 'permissions-policy' => array('Permissions-Policy', 'hh_permissions_policy', 'security'), + 'clear-site-data' => array('Clear-Site-Data', 'hh_clear_site_data', 'security'), + 'content-type' => array('Content-Type', 'hh_content_type', 'misc'), + 'cross-origin-resource-policy' => array('Cross-Origin-Resource-Policy', 'hh_cross_origin_resource_policy', 'security'), + 'nel' => array('NEL', 'hh_nel', 'misc'), + 'cross-origin-embedder-policy' => array('Cross-Origin-Embedder-Policy', 'hh_cross_origin_embedder_policy', 'security'), + 'cross-origin-opener-policy' => array('Cross-Origin-Opener-Policy', 'hh_cross_origin_opener_policy', 'security'), + 'x-robots-tag' 
=> array('X-Robots-Tag', 'hh_x_robots_tag', 'misc'), +); + +$headers_list = array( + 'Accept', + 'Accept-Charset', + 'Accept-Encoding', + 'Accept-Language', + 'Accept-Datetime', + 'Authorization', + 'Cache-Control', + 'Connection', + 'Permanent', + 'Cookie', + 'Content-Length', + 'Content-MD5', + 'Content-Type', + 'Date', + 'Expect', + 'Forwarded', + 'From', + 'Host', + 'Permanent', + 'If-Match', + 'If-Modified-Since', + 'If-None-Match', + 'If-Range', + 'If-Unmodified-Since', + 'Max-Forwards', + 'Origin', + 'Pragma', + 'Proxy-Authorization', + 'Range', + 'Referer', + 'TE', + 'User-Agent', + 'Upgrade', + 'Via', + 'Warning', + 'X-Requested-With', + 'DNT', + 'X-Forwarded-For', + 'X-Forwarded-Host', + 'X-Forwarded-Proto', + 'Front-End-Https', + 'X-Http-Method-Override', + 'X-ATT-DeviceId', + 'X-Wap-Profile', + 'Proxy-Connection', + 'X-UIDH', + 'X-Csrf-Token', + 'X-PINGOTHER', + 'X-WP-Nonce', +); + +$cors_safe_request_headers = array( + 'Accept', + 'Accept-Language', + 'Content-Language', + 'Content-Type', +); + +$cors_safe_response_headers = array( + 'Cache-Control', + 'Content-Language', + 'Content-Type', + 'Expires', + 'Last-Modified', + 'Pragma', +); \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/includes/csp-inc.inc.php b/wp-content/plugins/http-headers/views/includes/csp-inc.inc.php new file mode 100644 index 000000000..9517dce8c --- /dev/null +++ b/wp-content/plugins/http-headers/views/includes/csp-inc.inc.php @@ -0,0 +1,4 @@ + + class="http-header-value"> \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/includes/csp-sandbox.inc.php b/wp-content/plugins/http-headers/views/includes/csp-sandbox.inc.php new file mode 100644 index 000000000..7a9d9cfec --- /dev/null +++ b/wp-content/plugins/http-headers/views/includes/csp-sandbox.inc.php @@ -0,0 +1,29 @@ + +

+ + class="http-header-value"> + +

+ \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/includes/csp-src.inc.php b/wp-content/plugins/http-headers/views/includes/csp-src.inc.php new file mode 100644 index 000000000..a0517ea83 --- /dev/null +++ b/wp-content/plugins/http-headers/views/includes/csp-src.inc.php @@ -0,0 +1,85 @@ + '*', + 'self' => "'self'", + 'none' => "'none'", + 'unsafe-inline' => "'unsafe-inline'", + 'unsafe-eval' => "'unsafe-eval'", + 'strict-dynamic' => "'strict-dynamic'", + 'report-sample' => "'report-sample'", + 'http' => 'http:', + 'https' => 'https:', + 'data' => 'data:', + 'mediastream' => 'mediastream:', + 'blob' => 'blob:', + 'filesystem' => 'filesystem:', +); + +foreach ($origins as $k => $origin) +{ + ?> + > + + class="http-header-value"> + +

+ +> + > +

\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/includes/csp-sri.inc.php b/wp-content/plugins/http-headers/views/includes/csp-sri.inc.php new file mode 100644 index 000000000..974cfb088 --- /dev/null +++ b/wp-content/plugins/http-headers/views/includes/csp-sri.inc.php @@ -0,0 +1,20 @@ + +

+ + class="http-header-value"> + +

+ \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/includes/csp-text.inc.php b/wp-content/plugins/http-headers/views/includes/csp-text.inc.php new file mode 100644 index 000000000..3a1431808 --- /dev/null +++ b/wp-content/plugins/http-headers/views/includes/csp-text.inc.php @@ -0,0 +1,11 @@ +> + +
+ Example: application/x-shockwave-flash application/x-java-applet + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/includes/options.inc.php b/wp-content/plugins/http-headers/views/includes/options.inc.php new file mode 100644 index 000000000..6a04489e9 --- /dev/null +++ b/wp-content/plugins/http-headers/views/includes/options.inc.php @@ -0,0 +1,112 @@ + +
+

HTTP Headers

+ +
+

+

+
+ +
+

+

+
+ +

: + , + , + +

+ +
\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/inspect.php b/wp-content/plugins/http-headers/views/inspect.php new file mode 100644 index 000000000..093885984 --- /dev/null +++ b/wp-content/plugins/http-headers/views/inspect.php @@ -0,0 +1,42 @@ + +
+

+

+
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+
+ +
\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/manual.php b/wp-content/plugins/http-headers/views/manual.php new file mode 100644 index 000000000..c3c72f7ca --- /dev/null +++ b/wp-content/plugins/http-headers/views/manual.php @@ -0,0 +1,121 @@ + +
+ +
+

+ + +

+ +
+
+ + +

+ +
+
\ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/nel.php b/wp-content/plugins/http-headers/views/nel.php new file mode 100644 index 000000000..78ad73d20 --- /dev/null +++ b/wp-content/plugins/http-headers/views/nel.php @@ -0,0 +1,78 @@ + + + NEL +

+
+

+ +

+ + +
+ NEL + $v) + { + ?>

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
report_to:>
max_age:
include_subdomains:>
success_fraction: min="0.0" max="1.0" step="0.1">
failure_fraction: min="0.0" max="1.0" step="0.1">
request_headers:>
response_headers:>
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/p3p.php b/wp-content/plugins/http-headers/views/p3p.php new file mode 100644 index 000000000..a80925a3e --- /dev/null +++ b/wp-content/plugins/http-headers/views/p3p.php @@ -0,0 +1,166 @@ + + + P3P +

+ + +
+ P3P + $v) + { + ?>

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Compact ACCESS + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
Compact DISPUTES + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
Compact REMEDIES + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
Compact NON-IDENTIFIABLE + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
Compact PURPOSE + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
Compact RECIPIENT + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
Compact RETENTION + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
Compact CATEGORIES + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
Compact TEST + $item) { + if ($i > 0 && $i % 4 === 0) { + ?>
+
+ + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/permissions-policy.php b/wp-content/plugins/http-headers/views/permissions-policy.php new file mode 100644 index 000000000..be4f535ff --- /dev/null +++ b/wp-content/plugins/http-headers/views/permissions-policy.php @@ -0,0 +1,115 @@ + + + Permissions-Policy +

+
+

+ +

+ + +
+ Permissions-Policy + $v) + { + ?>

+
+ + + + + + + + + + + + + + +
> + + + class="http-header-value"> +
+ + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/pragma.php b/wp-content/plugins/http-headers/views/pragma.php new file mode 100644 index 000000000..2e31736ea --- /dev/null +++ b/wp-content/plugins/http-headers/views/pragma.php @@ -0,0 +1,39 @@ + + + Pragma +

+
+

+ +

+ + +
+ Pragma + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/referrer-policy.php b/wp-content/plugins/http-headers/views/referrer-policy.php new file mode 100644 index 000000000..9eb4e96c0 --- /dev/null +++ b/wp-content/plugins/http-headers/views/referrer-policy.php @@ -0,0 +1,39 @@ + + + Referrer-Policy +

+
+

+ +

+ + +
+ Referrer-Policy + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/report-to.php b/wp-content/plugins/http-headers/views/report-to.php new file mode 100644 index 000000000..dee8028c7 --- /dev/null +++ b/wp-content/plugins/http-headers/views/report-to.php @@ -0,0 +1,177 @@ + + + Report-To +

+ + +
+ Report-To + $v) + { + ?>

+
+ + + + + array(), + 'group' => '', + 'max_age' => '', + ) + ); +$report_to_value = get_option('hh_report_to_value'); +if (!is_array($report_to_value) || empty($report_to_value)) +{ + $report_to_value = $default_value; +} +?> + + +
+ + + + + + + + + + + + + + + + + '0 (Delete entire reporting cache)', '3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year', '63072000' => '2 years'); + $i = 0; + foreach ($report_to_value as $item) + { + if (isset($item['endpoints']) && !empty($item['endpoints'])) + { + $cnt = count($item['endpoints']); + $c = 0; + foreach ($item['endpoints'] as $k => $v) + { + $classes = array(); + if ($c == 0) + { + if ($i == 0) + { + $classes[] = 'hh-tr-first'; + } + $classes[] = 'hh-tr-group-start'; + } + + if ($c == $cnt - 1) + { + $classes[] = 'hh-tr-group-end'; + } + ?> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
groupmax_ageinclude_subdomainsendpoints  
urlpriorityweight  
> /> size="40"> + + + + 0) + { + ?> + +
> /> size="40"> + + 0) + { + ?>
+ +
+
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/strict-transport-security.php b/wp-content/plugins/http-headers/views/strict-transport-security.php new file mode 100644 index 000000000..a45bb09a7 --- /dev/null +++ b/wp-content/plugins/http-headers/views/strict-transport-security.php @@ -0,0 +1,52 @@ + + + Strict-Transport-Security +

+
+

+ +

+ + +
+ Strict-Transport-Security + $v) + { + ?>

+
+ + + + + + + + + + + + + + + + + +
max-age:
includeSubDomains: />
preload: />
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/timing-allow-origin.php b/wp-content/plugins/http-headers/views/timing-allow-origin.php new file mode 100644 index 000000000..8317ebe47 --- /dev/null +++ b/wp-content/plugins/http-headers/views/timing-allow-origin.php @@ -0,0 +1,40 @@ + + + Timing-Allow-Origin +

+
+

+ +

+ + +
+ Timing-Allow-Origin + $v) + { + ?>

+
+ + + + + + /> + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/vary.php b/wp-content/plugins/http-headers/views/vary.php new file mode 100644 index 000000000..4a6627e39 --- /dev/null +++ b/wp-content/plugins/http-headers/views/vary.php @@ -0,0 +1,51 @@ + + + Vary +

+
+

+ +

+ + +
+ Vary + $v) + { + ?>

+
+ + + + + + + + + + +
+

+
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/www-authenticate.php b/wp-content/plugins/http-headers/views/www-authenticate.php new file mode 100644 index 000000000..bc6e7e6db --- /dev/null +++ b/wp-content/plugins/http-headers/views/www-authenticate.php @@ -0,0 +1,94 @@ + + + WWW-Authenticate +

+
+

+ +

+ + +
+ WWW-Authenticate + $v ) { + ?>

+ +

+
+ + + + + + + + + + + + + + + + + + + + + $user) { + ?> + + + + + + + + + + + + +
Type + +
Realm placeholder="Restricted area">
  
 >> 0) + { + ?>
  + +
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-content-type-options.php b/wp-content/plugins/http-headers/views/x-content-type-options.php new file mode 100644 index 000000000..31dc3d853 --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-content-type-options.php @@ -0,0 +1,39 @@ + + + X-Content-Type-Options +

+
+

+ +

+ + +
+ X-Content-Type-Options + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-dns-prefetch-control.php b/wp-content/plugins/http-headers/views/x-dns-prefetch-control.php new file mode 100644 index 000000000..a07f9b8fc --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-dns-prefetch-control.php @@ -0,0 +1,40 @@ + + + X-DNS-Prefetch-Control +

+

+
+

+ +

+ + +
+ X-DNS-Prefetch-Control + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-download-options.php b/wp-content/plugins/http-headers/views/x-download-options.php new file mode 100644 index 000000000..18dd21c1b --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-download-options.php @@ -0,0 +1,35 @@ + + + X-Download-Options +

+ + +
+ X-Download-Options + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-frame-options.php b/wp-content/plugins/http-headers/views/x-frame-options.php new file mode 100644 index 000000000..e3c413cf7 --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-frame-options.php @@ -0,0 +1,41 @@ + + + X-Frame-Options +

+
+

+ +

+ + +
+ X-Frame-Options + $v) + { + ?>

+
+ + + + + + /> + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-permitted-cross-domain-policies.php b/wp-content/plugins/http-headers/views/x-permitted-cross-domain-policies.php new file mode 100644 index 000000000..612aca2db --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-permitted-cross-domain-policies.php @@ -0,0 +1,35 @@ + + + X-Permitted-Cross-Domain-Policies +

+ + +
+ X-Permitted-Cross-Domain-Policies + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-powered-by.php b/wp-content/plugins/http-headers/views/x-powered-by.php new file mode 100644 index 000000000..2476c1774 --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-powered-by.php @@ -0,0 +1,41 @@ + + + X-Powered-By +

+ + +
+ X-Powered-By + $v ) { + ?>

+ +

+
+ + + + + + /> + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-robots-tag.php b/wp-content/plugins/http-headers/views/x-robots-tag.php new file mode 100644 index 000000000..56ef6c1da --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-robots-tag.php @@ -0,0 +1,96 @@ + + + X-Robots-Tag +

<meta name="robots" content="...">.', 'http-headers'); ?>

+
+

+ +

+ + +
+ X-Robots-Tag + $v) + { + ?>

+
+ + + + + 'bool', + 'noindex' => 'bool', + 'nofollow' => 'bool', + 'none' => 'bool', + 'noarchive' => 'bool', + 'nosnippet' => 'bool', + 'max-snippet' => 'number', + 'max-image-preview' => 'setting', + 'max-video-preview' => 'number', + 'notranslate' => 'bool', + 'noimageindex' => 'bool', + 'unavailable_after' => 'datetime', + ); + ?> + + $type) + { + ?> + + + + + +
+ value="1"> + value=" 0 ? (int) $x_robots_tag_value[$item] : NULL; ?>"> + value=" 0 ? $x_robots_tag_value[$item] : NULL; ?>"> +
+ + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-ua-compatible.php b/wp-content/plugins/http-headers/views/x-ua-compatible.php new file mode 100644 index 000000000..01ed063ec --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-ua-compatible.php @@ -0,0 +1,35 @@ + + + X-UA-Compatible +
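Review bot: The last text input in the per-directive row of x-robots-tag.php, whose value ends in `? $x_robots_tag_value[$item] : NULL; ?>`, appears to print the stored option into the `value` attribute without escaping, while the input before it at least casts with `(int)`. The page text is partly stripped, so the start of that expression is not visible, but no escaping call closes before the `;`. Attribute output should go through `esc_attr( $x_robots_tag_value[$item] )`, so that a stored value containing a quote cannot break out of the attribute on the settings screen. If this directory is an unmodified copy of an upstream plugin, the fix is better reported upstream and picked up in a release than patched in this copy.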

+ + +
+ X-UA-Compatible + $v) + { + ?>

+
+ + + + + + + \ No newline at end of file diff --git a/wp-content/plugins/http-headers/views/x-xss-protection.php b/wp-content/plugins/http-headers/views/x-xss-protection.php new file mode 100644 index 000000000..3ec0c13a2 --- /dev/null +++ b/wp-content/plugins/http-headers/views/x-xss-protection.php @@ -0,0 +1,41 @@ + + + X-XSS-Protection +

+
+

+ +

+ + +
+ X-XSS-Protection + $v) + { + ?>

+
+ + + + + + /> + + \ No newline at end of file diff --git a/wp-content/themes/wp-framework/header.php b/wp-content/themes/wp-framework/header.php index e39874952..304ea4c7c 100644 --- a/wp-content/themes/wp-framework/header.php +++ b/wp-content/themes/wp-framework/header.php @@ -60,17 +60,7 @@ diff --git a/wp-content/themes/wp-framework/inc/theme-menus-widgets.php b/wp-content/themes/wp-framework/inc/theme-menus-widgets.php index 4effcc1d1..2c604e885 100644 --- a/wp-content/themes/wp-framework/inc/theme-menus-widgets.php +++ b/wp-content/themes/wp-framework/inc/theme-menus-widgets.php @@ -49,7 +49,8 @@ function wpeb_register_theme_menus() { register_nav_menu($location, $name); } } -add_action('init', 'wpeb_register_theme_menus'); +// ToDo: Fix broken menu initialization +// add_action('init', 'wpeb_register_theme_menus'); /** * Remove the
surrounding the dynamic WP Navigation to clean up markup
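Review bot: Commenting out `add_action('init', 'wpeb_register_theme_menus');` leaves `wpeb_register_theme_menus()` defined but never hooked, so none of its `register_nav_menu()` calls run and the theme registers no menu locations. The `ToDo: Fix broken menu initialization` comment does not say what was broken or how to tell when re-enabling is safe. A comment such as `// TODO(<issue-id>): init hook disabled because <observed failure>; no menu locations are registered until this is restored` would be more useful, or the function should be removed if the menus are gone for good. The function body starts outside this hunk, and the header.php hunk in the same commit (17 lines down to 7) has no visible content here, so whether the two changes are related cannot be confirmed from this page.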