Improved settings of CSPs.

Added manifest.json.
Added further security-related HTTP headers.

edit/settings.php

@@ -22,7 +22,7 @@ $pages = loadPages();           // Load overview of pages.
  */
 
 // Check for vars.
-loadHttpToGlobals(["task", "startPage", "pageTitle", "logo", "url", "css", "hideInstitution", "mdVersion", "mdImgFolder", "cacheRefreshInterval", "limitToInstitutions", "maxFileSize", "defaultLang"]);
+loadHttpToGlobals(["task", "startPage", "pageTitle", "logo", "url", "css", "hideInstitution", "mdVersion", "mdImgFolder", "cacheRefreshInterval", "limitToInstitutions", "maxFileSize", "sendHTTPHeaders", "CSPimageSources", "CSPobjectSources", "defaultLang"]);
 
 if (isset($task) and $task == "update") { // Adding new users.
 
@@ -36,7 +36,7 @@ if (isset($task) and $task == "update") { // Adding new users.
     if (isset($mdImgFolder)) $mdImgFolder = rtrim($mdImgFolder, "/") . "/";
 
     if (isset($limitToInstitutions)) $settings['limitToInstitutions'] = array_diff(explode(',', $limitToInstitutions), ['']);
-    foreach (["startPage", "pageTitle", "logo", "url", "css", "hideInstitution", "mdVersion", "mdImgFolder", "cacheRefreshInterval", "maxFileSize", "defaultLang"] as $var) {
+    foreach (["startPage", "pageTitle", "logo", "url", "css", "hideInstitution", "mdVersion", "mdImgFolder", "cacheRefreshInterval", "maxFileSize", "sendHTTPHeaders", "CSPimageSources", "CSPobjectSources", "defaultLang"] as $var) {
         if (isset($$var)) $settings[$var] = $$var;
     }
 
@@ -53,7 +53,7 @@ if (isset($task) and $task == "update") { // Adding new users.
  * Output
  */
 
-echo printBackendHead($translations['settings'], $translations['settings'], $settings['logo']);
+echo printBackendHead($settings, $translations['settings'], $translations['settings'], $settings['logo']);
 echo printBackendHeader($translations['settings'], $translations['helpSettings']);
 
 echo '
@@ -70,6 +70,10 @@ echo '
         <form action="" method="POST">
         <table class="obj_cha_maintable">
 
+            <tr>
+                <th colspan="3" class="sectionTH">' . $translations['general'] . '</th>
+            </tr>
+
             <!-- Start page -->
             <tr>
                 <th><label for="startPage">' . $translations['startPage'] . '</label></th>
@@ -117,6 +121,7 @@ echo '
                     <select name="css" id="settingsUsedCSS">
                     ';
 foreach (scanDirConts(__DIR__ . "/../themes") as $cssOption) {
+    if (!is_dir(__DIR__ . "/../themes/$cssOption")) continue;
     echo '<option value="' . $cssOption . '"';
     if ($settings['css'] == $cssOption) echo ' selected';
     echo '>' . $cssOption . '</option>';
@@ -127,13 +132,25 @@ echo '
                 <td>' . generateHelpToolTip("helpSettingsUsedCSS", $translations['settingsUsedCSS'], $translations['helpSettingsUsedCSS']) . '</td>
             </tr>
 
-            <!-- Hiding attribution (if the page is for only one museum) or not -->
             <tr>
-                <th><label for="hideInstitution">' . $translations['hideInstitution'] . '</label></th>
+                <th><label for="language">' . $translations['language'] . '</label></th>
                 <td>
-                    <input name="hideInstitution" id="hideInstitution" type="range" min="0" max="1" value="' . (string)$settings['hideInstitution'] . '" />
+                    <select name="defaultLang" id="language">
+                    ';
+foreach (scanDirConts(__DIR__ . "/translations") as $lang) {
+    $lang = pathinfo($lang)['filename'];
+    echo '<option value="' . $lang . '"';
+    if ($settings['defaultLang'] == $lang) echo ' selected';
+    echo '>' . $lang . '</option>';
+}
+echo '
+                    </select>
                 </td>
-                <td>' . generateHelpToolTip("helpHideInstitution", $translations['hideInstitution'], $translations['helpHideInstitution']) . '</td>
+                <td>' . generateHelpToolTip("helpLanguage", $translations['language'], $translations['helpLanguage']) . '</td>
+            </tr>
+
+            <tr>
+                <th colspan="3" class="sectionTH">' . $translations['integrationWithMD'] . '</th>
             </tr>
 
             <!-- MD Version -->
@@ -164,6 +181,19 @@ echo '
                 <td>' . generateHelpToolTip("helpLimitToInstitutions", $translations['limitToInstitutions'], $translations['helpLimitToInstitutions']) . '</td>
             </tr>
 
+            <!-- Hiding attribution (if the page is for only one museum) or not -->
+            <tr>
+                <th><label for="hideInstitution">' . $translations['hideInstitution'] . '</label></th>
+                <td>
+                    <input name="hideInstitution" id="hideInstitution" type="range" min="0" max="1" value="' . (string)$settings['hideInstitution'] . '" />
+                </td>
+                <td>' . generateHelpToolTip("helpHideInstitution", $translations['hideInstitution'], $translations['helpHideInstitution']) . '</td>
+            </tr>
+
+            <tr>
+                <th colspan="3" class="sectionTH">' . $translations['security'] . '</th>
+            </tr>
+
             <!-- Max Upload Size -->
             <tr>
                 <th><label for="maxFileSize">' . $translations['maxFileSize'] . '</label></th>
@@ -171,21 +201,27 @@ echo '
                 <td>' . generateHelpToolTip("helpMaxFileSize", $translations['maxFileSize'], $translations['helpMaxFileSize']) . '</td>
             </tr>
 
+            <!-- Whether or not to send security-related headers -->
             <tr>
-                <th><label for="language">' . $translations['language'] . '</label></th>
+                <th><label for="sendHTTPHeaders">' . $translations['sendHTTPHeaders'] . '</label></th>
                 <td>
-                    <select name="defaultLang" id="language">
-                    ';
-foreach (scanDirConts(__DIR__ . "/translations") as $lang) {
-    $lang = pathinfo($lang)['filename'];
-    echo '<option value="' . $lang . '"';
-    if ($settings['defaultLang'] == $lang) echo ' selected';
-    echo '>' . $lang . '</option>';
-}
-echo '
-                    </select>
+                    <input name="sendHTTPHeaders" id="sendHTTPHeaders" type="range" min="0" max="1" value="' . (string)$settings['sendHTTPHeaders'] . '" />
                 </td>
-                <td>' . generateHelpToolTip("helpLanguage", $translations['language'], $translations['helpLanguage']) . '</td>
+                <td>' . generateHelpToolTip("helpSendHTTPHeaders", $translations['sendHTTPHeaders'], $translations['helpSendHTTPHeaders']) . '</td>
+            </tr>
+
+            <!-- Image sources whitelisted for CSPs -->
+            <tr>
+                <th><label for="CSPimageSources">' . $translations['CSPimageSources'] . '</label></th>
+                <td><input type="text" id="CSPimageSources" name="CSPimageSources" placeholder="' . $translations['CSPimageSources']. '" value="'.$settings['CSPimageSources'].'" /></td>
+                <td>' . generateHelpToolTip("helpCSPimageSources", $translations['CSPimageSources'], $translations['helpCSPimageSources']) . '</td>
+            </tr>
+
+            <!-- Object and frame sources whitelisted for CSPs -->
+            <tr>
+                <th><label for="CSPobjectSources">' . $translations['CSPobjectSources'] . '</label></th>
+                <td><input type="text" id="CSPobjectSources" name="CSPobjectSources" placeholder="' . $translations['CSPobjectSources']. '" value="'.$settings['CSPobjectSources'].'" /></td>
+                <td>' . generateHelpToolTip("helpCSPobjectSources", $translations['CSPobjectSources'], $translations['helpCSPobjectSources']) . '</td>
             </tr>
 
             <tr>