github/torrentpier
1
0
Fork 0
mirror of https://github.com/torrentpier/torrentpier synced 2025-07-05 20:41:41 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Revert "feat: Added secure headers configuring (#1856)"

Browse source 
This reverts commit 9766c534bd.
This commit is contained in:
Roman Kelesidis 2025-03-19 14:25:51 +03:00
parent 4f8b51febd
commit 467225e6e4
4 changed files with 4 additions and 932 deletions
Download patch file Download diff file Expand all files Collapse all files

5
common.php
View file

@ -38,6 +38,7 @@ if (!defined('BB_SCRIPT')) {
define('BB_SCRIPT', null);
}
header('X-Frame-Options: SAMEORIGIN');
date_default_timezone_set('UTC');
// Set remote address
@ -105,10 +106,6 @@ define('FORUM_PATH', $bb_cfg['script_path']);
define('FULL_URL', $server_protocol . $bb_cfg['server_name'] . $server_port . $bb_cfg['script_path']);
unset($server_protocol, $server_port);
// Secure headers
$secureHeaders = \Bepsvpt\SecureHeaders\SecureHeaders::fromFile(BB_PATH . '/library/config.secure-headers.php');
$secureHeaders->send();
/**
* Database
*/

1
composer.json
View file

@ -56,7 +56,6 @@
"belomaxorka/captcha": "1.*",
"egulias/email-validator": "^4.0.1",
"filp/whoops": "^2.15",
"bepsvpt/secure-headers": "9.*",
"z4kn4fein/php-semver": "^v3.0.0",
"nemorize/indexnow": "^0.0.1",
"gigablah/sphinxphp": "2.0.8",

85
composer.lock generated
View file

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "098530029429a81a4a25a5d7276584c4",
"content-hash": "c1e345a7abe58feb13d951acfd499e95",
"packages": [
{
"name": "arokettu/bencode",
@ -470,85 +470,6 @@
},
"time": "2025-03-10T13:15:53+00:00"
},
{
"name": "bepsvpt/secure-headers",
"version": "9.0.0",
"source": {
"type": "git",
"url": "https://github.com/bepsvpt/secure-headers.git",
"reference": "7efbc3d8b988051b5ff81c4cacd1d12e875528ed"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/bepsvpt/secure-headers/zipball/7efbc3d8b988051b5ff81c4cacd1d12e875528ed",
"reference": "7efbc3d8b988051b5ff81c4cacd1d12e875528ed",
"shasum": ""
},
"require": {
"ext-json": "*",
"php": "^7.1 || ^8.0"
},
"require-dev": {
"ergebnis/composer-normalize": "^2.42",
"ext-xdebug": "*",
"laravel/pint": "^1.14",
"orchestra/testbench": "^3.1 || ^4.18 || ^5.20 || ^6.43 || ^7.41 || ^8.22 || ^9.0",
"phpstan/phpstan": "^1.10",
"phpunit/phpunit": "^5.7 || ^6.5 || ^7.5 || ^8.5 || ^9.6 || ^10.5"
},
"type": "library",
"extra": {
"laravel": {
"providers": [
"Bepsvpt\\SecureHeaders\\SecureHeadersServiceProvider"
]
}
},
"autoload": {
"files": [
"src/helpers.php"
],
"psr-4": {
"Bepsvpt\\SecureHeaders\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "bepsvpt",
"email": "6ibrl@cpp.tw"
}
],
"description": "Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration.",
"homepage": "https://github.com/bepsvpt/secure-headers",
"keywords": [
"clear-site-data",
"content-security-policy",
"csp",
"except-ct",
"feature-policy",
"header",
"hsts",
"https",
"laravel",
"permissions-policy",
"referrer-policy"
],
"support": {
"issues": "https://github.com/bepsvpt/secure-headers/issues",
"source": "https://github.com/bepsvpt/secure-headers/tree/9.0.0"
},
"funding": [
{
"url": "https://opencollective.com/secure-headers",
"type": "open_collective"
}
],
"time": "2025-01-18T07:18:04+00:00"
},
{
"name": "bugsnag/bugsnag",
"version": "v3.29.3",
@ -3933,6 +3854,6 @@
"platform": {
"php": "^8.1 | ^8.2 | ^8.3 | ^8.4"
},
"platform-dev": {},
"plugin-api-version": "2.6.0"
"platform-dev": [],
"plugin-api-version": "2.3.0"
}

845
library/config.secure-headers.php
View file

@ -1,845 +0,0 @@
<?php
/**
* TorrentPier Bull-powered BitTorrent tracker engine
*
* @copyright Copyright (c) 2005-2025 TorrentPier (https://torrentpier.com)
* @link https://github.com/torrentpier/torrentpier for the canonical source repository
* @license https://github.com/torrentpier/torrentpier/blob/master/LICENSE MIT License
*/
if (!defined('BB_ROOT')) {
die(basename(__FILE__));
}
return [
/**
* Server
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server
*
* Note: When server is empty string, it will not be added to the response header.
*/
'server' => '',
/**
* X-Content-Type-Options
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
*
* Available Value: 'nosniff'
*/
'x-content-type-options' => 'nosniff',
/**
* X-DNS-Prefetch-Control
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
*
* Available Value: 'on', 'off'
*/
'x-dns-prefetch-control' => '',
/**
* X-Download-Options
*
* @see https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx
*
* Available Value: 'noopen'
*/
'x-download-options' => 'noopen',
/**
* X-Frame-Options
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
* @deprecated The X-Frame-Options is no longer recommended for use; please use Content-Security-Policy (CSP) instead.
*
* Available Value: 'deny', 'sameorigin', 'allow-from <uri>'
*/
'x-frame-options' => 'sameorigin',
/**
* X-Permitted-Cross-Domain-Policies
*
* @see https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html
*
* Available Value: 'all', 'none', 'master-only', 'by-content-type', 'by-ftp-filename'
*/
'x-permitted-cross-domain-policies' => 'none',
/**
* X-Powered-By
*
* Note: it will not add to response header if the value is empty string.
*
* Also, verify that expose_php is turned Off in php.ini.
* Otherwise, the header will still be included in the response.
*
* @see https://github.com/bepsvpt/secure-headers/issues/58#issuecomment-782332442
*/
'x-powered-by' => '',
/**
* X-XSS-Protection
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
* @deprecated The X-XSS-Protection is no longer recommended for use; please use Content-Security-Policy (CSP) instead.
*
* Available Value: '1', '0', '1; mode=block'
*/
'x-xss-protection' => '',
/**
* Referrer-Policy
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
*
* Available Value: 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin',
* 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url'
*/
'referrer-policy' => 'no-referrer',
/**
* Cross-Origin-Embedder-Policy
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy
*
* Available Value: 'unsafe-none', 'require-corp', 'credentialless'
*/
'cross-origin-embedder-policy' => 'unsafe-none',
/**
* Cross-Origin-Opener-Policy
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
*
* Available Value: 'unsafe-none', 'same-origin-allow-popups', 'same-origin'
*/
'cross-origin-opener-policy' => 'unsafe-none',
/**
* Cross-Origin-Resource-Policy
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
*
* Available Value: 'same-site', 'same-origin', 'cross-origin'
*/
'cross-origin-resource-policy' => 'cross-origin',
/**
* Clear-Site-Data
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
*/
'clear-site-data' => [
'enable' => false,
'all' => false,
'cache' => true,
'clientHints' => true,
'cookies' => true,
'storage' => true,
'executionContexts' => true,
],
/**
* HTTP Strict Transport Security
*
* @see https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
*
* Note: Please ensure your website had set up ssl/tls before enable hsts.
*/
'hsts' => [
'enable' => false,
'max-age' => 31536000,
'include-sub-domains' => false,
'preload' => false,
],
/**
* Reporting Endpoints
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Reporting-Endpoints
*
* Note: The array key is the endpoint name, and the value is the URL.
*/
'reporting' => [
// 'csp' => 'https://example.com/csp-reports',
// 'nel' => 'https://example.com/nel-reports',
],
/**
* Network Error Logging
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Network_Error_Logging
* @see https://developer.mozilla.org/en-US/docs/Web/API/Reporting_API
*/
'nel' => [
'enable' => false,
// The name of reporting API, not the endpoint URL.
'report-to' => '',
'max-age' => 86400,
'include-subdomains' => false,
'success-fraction' => 0.0,
'failure-fraction' => 1.0,
],
/**
* Expect-CT
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
* @deprecated This feature is no longer recommended.
*/
'expect-ct' => [
'enable' => false,
'max-age' => 2147483648,
'enforce' => false,
// report uri must be absolute-URI
'report-uri' => null,
],
/**
* Permissions Policy
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
*/
'permissions-policy' => [
'enable' => true,
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/accelerometer
'accelerometer' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/ambient-light-sensor
'ambient-light-sensor' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/attribution-reporting
'attribution-reporting' => [
'none' => false,
'*' => true,
'self' => false,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/autoplay
'autoplay' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/bluetooth
'bluetooth' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/browsing-topics
'browsing-topics' => [
'none' => false,
'*' => true,
'self' => false,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/camera
'camera' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/compute-pressure
'compute-pressure' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/compute-pressure
'cross-origin-isolated' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/display-capture
'display-capture' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/document-domain
'document-domain' => [
'none' => false,
'*' => true,
'self' => false,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/encrypted-media
'encrypted-media' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/fullscreen
'fullscreen' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/gamepad
'gamepad' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/geolocation
'geolocation' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/gyroscope
'gyroscope' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/hid
'hid' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/identity-credentials-get
'identity-credentials-get' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/idle-detection
'idle-detection' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/local-fonts
'local-fonts' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/magnetometer
'magnetometer' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/microphone
'microphone' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/midi
'midi' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/otp-credentials
'otp-credentials' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/payment
'payment' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/picture-in-picture
'picture-in-picture' => [
'none' => false,
'*' => true,
'self' => false,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/publickey-credentials-create
'publickey-credentials-create' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/publickey-credentials-get
'publickey-credentials-get' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/screen-wake-lock
'screen-wake-lock' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/serial
'serial' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/speaker-selection
'speaker-selection' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/storage-access
'storage-access' => [
'none' => false,
'*' => true,
'self' => false,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/usb
'usb' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/web-share
'web-share' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/window-management
'window-management' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy/xr-spatial-tracking
'xr-spatial-tracking' => [
'none' => false,
'*' => false,
'self' => true,
'origins' => [],
],
],
/**
* Content Security Policy
*
* @see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
*/
'csp' => [
'enable' => true,
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
'report-only' => false,
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to
'report-to' => '',
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri
'report-uri' => [
// uri
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content
'block-all-mixed-content' => false,
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
'upgrade-insecure-requests' => false,
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
'base-uri' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/child-src
'child-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
'connect-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
'default-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/fenced-frame-src
'fenced-frame-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
'font-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action
'form-action' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
'frame-ancestors' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
'frame-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src
'img-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src
'manifest-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/media-src
'media-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src
'object-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/prefetch-src
'prefetch-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-trusted-types-for
'require-trusted-types-for' => [
'script' => false,
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
'sandbox' => [
'enable' => false,
'allow-downloads' => false,
'allow-forms' => false,
'allow-modals' => false,
'allow-orientation-lock' => false,
'allow-pointer-lock' => false,
'allow-popups' => false,
'allow-popups-to-escape-sandbox' => false,
'allow-presentation' => false,
'allow-same-origin' => false,
'allow-scripts' => false,
'allow-storage-access-by-user-activation' => false,
'allow-top-navigation' => false,
'allow-top-navigation-by-user-activation' => false,
'allow-top-navigation-to-custom-protocols' => false,
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
'script-src' => [
'none' => false,
'self' => false,
'report-sample' => false,
'allow' => [
// 'url',
],
'schemes' => [
// 'data:',
// 'https:',
],
/* followings are only work for `script` and `style` related directives */
'unsafe-inline' => false,
'unsafe-eval' => false,
// https://www.w3.org/TR/CSP3/#unsafe-hashes-usage
'unsafe-hashes' => false,
// Enable `strict-dynamic` will *ignore* `self`, `unsafe-inline`,
// `allow` and `schemes`. You can find more information from:
// https://www.w3.org/TR/CSP3/#strict-dynamic-usage
'strict-dynamic' => false,
'hashes' => [
'sha256' => [
// 'sha256-hash-value-with-base64-encode',
],
'sha384' => [
// 'sha384-hash-value-with-base64-encode',
],
'sha512' => [
// 'sha512-hash-value-with-base64-encode',
],
],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-attr
'script-src-attr' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-elem
'script-src-elem' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
'style-src' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-attr
'style-src-attr' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-elem
'style-src-elem' => [
//
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/trusted-types
'trusted-types' => [
'enable' => false,
'none' => false,
'allow-duplicates' => false,
'policies' => [
//
],
],
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src
'worker-src' => [
//
],
],
];