+
+ ' . $translations['general'] . ' |
+
+
|
@@ -117,6 +121,7 @@ echo '
-
- |
+ |
-
+
|
- ' . generateHelpToolTip("helpHideInstitution", $translations['hideInstitution'], $translations['helpHideInstitution']) . ' |
+ ' . generateHelpToolTip("helpLanguage", $translations['language'], $translations['helpLanguage']) . ' |
+
+
+
+ ' . $translations['integrationWithMD'] . ' |
@@ -164,6 +181,19 @@ echo '
' . generateHelpToolTip("helpLimitToInstitutions", $translations['limitToInstitutions'], $translations['helpLimitToInstitutions']) . ' |
+
+
+ |
+
+
+ |
+ ' . generateHelpToolTip("helpHideInstitution", $translations['hideInstitution'], $translations['helpHideInstitution']) . ' |
+
+
+
+ ' . $translations['security'] . ' |
+
+
|
@@ -171,21 +201,27 @@ echo '
' . generateHelpToolTip("helpMaxFileSize", $translations['maxFileSize'], $translations['helpMaxFileSize']) . ' |
+
- |
+ |
-
+
|
- ' . generateHelpToolTip("helpLanguage", $translations['language'], $translations['helpLanguage']) . ' |
+ ' . generateHelpToolTip("helpSendHTTPHeaders", $translations['sendHTTPHeaders'], $translations['helpSendHTTPHeaders']) . ' |
+
+
+
+
+ |
+ |
+ ' . generateHelpToolTip("helpCSPimageSources", $translations['CSPimageSources'], $translations['helpCSPimageSources']) . ' |
+
+
+
+
+ |
+ |
+ ' . generateHelpToolTip("helpCSPobjectSources", $translations['CSPobjectSources'], $translations['helpCSPobjectSources']) . ' |
diff --git a/edit/themes/default/default.css b/edit/themes/default/default.css
index 735226f..7533558 100644
--- a/edit/themes/default/default.css
+++ b/edit/themes/default/default.css
@@ -109,6 +109,8 @@ table.obj_cha_maintable button:only-child,
table.obj_cha_maintable input:only-child { width: 100%; }
table.obj_cha_maintable textarea:only-child { width: 100%; height: 14em; }
+table.obj_cha_maintable th.sectionTH { padding: 1em 0; font-size: 1.1em; font-weight: bold; }
+table.obj_cha_maintable > tbody > tr:first-child th.sectionTH { padding: 0 0 1em 0; }
table.obj_cha_maintable input[type="range"]:only-child { margin: .5em -1em 0 0; }
@media screen and (min-width:65em) {
diff --git a/edit/translations/en.php b/edit/translations/en.php
index e02c6ab..9ba98c3 100644
--- a/edit/translations/en.php
+++ b/edit/translations/en.php
@@ -16,6 +16,9 @@ $translations = [
"preview" => "Preview",
"banner" => "Banner",
"delete" => "Delete",
+ "general" => "General Settings",
+ "security" => "Security",
+ "integrationWithMD" => "Integration with Museum-Digital",
"languageUnavailable" => "This language is not available.",
"settingsUpdated" => "Updated settings.",
"staticPageTitle" => "Page title",
@@ -41,6 +44,29 @@ $translations = [
"helpAdmin" => "Is the user an administrator?
",
"language" => "Language",
"helpLanguage" => "The default language of this instance of md:cms.
",
+ "sendHTTPHeaders" => "Send additional HTTP Headers",
+ "helpSendHTTPHeaders" => "md:cms can send additional directives to the browser to increase security. Your server administrator can set these server wide, and if they have done so already, you should disable this option (this is by far the prefered way). In most cases, server administrators have not opted to do so yet, and keeping this option enabled makes sense. If you want to inquire into this further, the Mozilla Observatory is a useful resource.
+
+ The default headers sent are the following:
+
+ X-Content-Type-Options: nosniff
+ X-XSS-Protection: 1; mode=block
+ Strict-Transport-Security: max-age=31536000; preload
+ Referrer-Policy: strict-origin
+
+ ",
+ "CSPimageSources" => "Image sources (whitelist)",
+ "helpCSPimageSources" => "
+ To increase security, md:cms directs browsers to refrain from loading images from any but the whitelisted sources. By default, only the current domain and the linked instance of museum-digital are whitelisted.
+ If you, for example, want to embed images from flickr.com, you either need to download the images and upload them here, or you whitelist flickr. To whitelist domains, please enter them one by one into the field, separated by whitespaces. E.g.
+ https://www.flickr.com https://www.google.com
+
",
+ "CSPobjectSources" => "Object sources (whitelist)",
+ "helpCSPobjectSources" => "
+ To increase security, md:cms directs browsers to refrain from loading frames and objects from any but the whitelisted sources. By default, only the current domain and the linked instance of museum-digital are whitelisted.
+ If you, for example, want to embed videos from youtube.com, you need to whitelist youtube. To whitelist domains, please enter them one by one into the field, separated by whitespaces. E.g.
+ https://www.youtube.com https://www.vimeo.com
+
",
"maxFileSize" => "Maximum upload size",
"helpMaxFileSize" => "The maximum file size of file uploads.
",
"cacheRefreshInterval" => "Cache Refresh Interval",
diff --git a/edit/users.php b/edit/users.php
index d8f0a11..bdfbeed 100644
--- a/edit/users.php
+++ b/edit/users.php
@@ -84,7 +84,7 @@ if (isset($task) and $task == "insert") { // Adding new users.
* Output
*/
-echo printBackendHead($translations['start'], $translations['start'], $settings['logo']);
+echo printBackendHead($settings, $translations['start'], $translations['start'], $settings['logo']);
echo printBackendHeader($translations['usersOverview'], $translations['helpUsers']);
echo '
diff --git a/inc/functions.php b/inc/functions.php
index 2fafc08..1bb107e 100644
--- a/inc/functions.php
+++ b/inc/functions.php
@@ -74,19 +74,28 @@ function ensureEnvironment() {
"logo" => "",
"url" => "",
"css" => "default",
- "hideInstitution" => 0,
+ "defaultLang" => "en",
"cacheRefreshInterval" => 0,
"mdVersion" => "https://rlp.museum-digital.de/",
"mdImgFolder" => "https://rlp.museum-digital.de/data/rlp/",
+ "hideInstitution" => 0,
"limitToInstitutions" => [],
+ "sendHTTPHeaders" => 1,
+ "CSPimageSources" => "",
+ "CSPobjectSources" => "",
"maxFileSize" => 300000,
- "defaultLang" => "en"
],
json_decode(file_get_contents(__DIR__ . "/../data/settings.json"), true)
);
$GLOBALS['settings'] = $settings;
+ if ($settings['sendHTTPHeaders']) {
+ header('X-Content-Type-Options: nosniff');
+ header('X-XSS-Protection: 1; mode=block');
+ header('Strict-Transport-Security: max-age=31536000; preload');
+ header('Referrer-Policy: strict-origin');
+ }
}
diff --git a/inc/standardHTML.php b/inc/standardHTML.php
index 70aeb89..f9c9a8a 100644
--- a/inc/standardHTML.php
+++ b/inc/standardHTML.php
@@ -25,11 +25,18 @@ function printPublicHead(array $settings, string $page = "home", string $title =
-
+
' . $title . '
-
+
+
';
$output .= $additional;
diff --git a/manifest.php b/manifest.php
new file mode 100644
index 0000000..a0b7216
--- /dev/null
+++ b/manifest.php
@@ -0,0 +1,40 @@
+
+ */
+
+// Include functions and settings.
+
+require_once __DIR__ . "/inc/functions.php";
+
+// Ensure working environment for frontend.
+
+ensureEnvironment();
+
+// Fill output array
+
+$data = [];
+
+$data["name"] = $data['short_name'] = $settings['pageTitle'];
+$data["start_url"] = "/";
+$data["display"] = "standalone";
+$data["background_color"] = "#000";
+$data["theme_color"] = "#AFB42B";
+$data["description"] = "Website of " . $settings['pageTitle'];
+
+/*
+$data['icons'] = [
+ "src" => $settings['logo'],
+ "type" => mime_content_type(__DIR__ . $settings['logo'])
+];
+ */
+
+// Return JSON-encoded data.
+
+header('Content-Type: application/json');
+echo json_encode($data, JSON_PRETTY_PRINT);
+
+?>
+