File: examples/example3.php

Recommend this page to a friend!

examples/example3.php

File:	`examples/example3.php`
Role:	Example script
Content type:	`text/plain`
Description:	Example: how to allow to use ajax requests.
Class:	PHP Content Security Policy generator Generate CSP headers to prevent security attacks
Author:	By Tom Postma
Last change:	Update examples, in examples 2 and 6 the resources are only loaded over https. Signed-off-by: Tom <D9ping@users.noreply.github.com>
Date:	6 years ago
Size:	`893 bytes`

Download


<?php

require_once('../CSPGenerator.php');



// Allow use of AJAX requests to same origin.

CSPGenerator::getInstance()->addConnectsrc("'self'");

CSPGenerator::getInstance()->addScriptsrc("'self'");





// Set the headers, always call this method before any content output.

CSPGenerator::getInstance()->Parse();

if (!empty(filter_input(INPUT_GET, 'getresponse'))) {

    header('X-Content-Type-Options: nosniff');

    header('Content-type: text/xml; charset=utf-8');

    echo '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'."\r\n";

    echo '<response>Okay</response>'."\r\n";

} else {

?><!DOCTYPE html>

<html>

    <head>

        <meta charset="UTF-8">

        <title>example3 - allow ajax requests to same orgin</title>

    </head>

    <body>

        <div id="result"><noscript>JavaScript not enabled.</noscript></div>

        <script type="application/javascript" src="./example3.js"></script>

    </body>

</html>

<?php

}

About us

Advertise on this site

For more information send a message to info at phpclasses dot org.

File: examples/example3.php

Contents