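<?php
// Builds one Content-Security-Policy value from a shared origin allow-list and
// sends it under the standard header name plus two legacy prefixed names.
// The full "<?php" tag is used so the file does not depend on short_open_tag;
// with short tags disabled this file would be served as plain text and no
// policy header would be sent.

// Origins permitted for every directive below. ":*" allows any port on the host.
// Each origin is listed once; repeating a source expression has no effect.
$white_list = array(
    "https://bitrix.info:*",
    "https://*.bitrix.info:*",
    "https://another-site.ru:*",
    "https://api.pozvonim.com:*",
    "https://cdn.pozvonim.com:*",
    "https://cdnjs.cloudflare.com:*",
    "https://site.ru:*",
    "https://mc.yandex.ru:*",
    "https://oss.maxcdn.com:*",
    "https://*.maps.yandex.net",
    "https://api-maps.yandex.ru",
    "https://code.jivosite.com:*",
    "https://googleads.g.doubleclick.net:*",
    "https://www.googleadservices.com:*",
    "https://www.google.com/ads/user-lists/",
    "https://www.google.ru/ads/user-lists/",
    "https://www.google-analytics.com:*",
    "https://maps.google.com:*",
    "https://*.googleapis.com:*",
    "https://*.gstatic.com:*",
    "https://cdn.voximplant.com:*",
    "https://www.gravatar.com:*",
    "https://yastatic.net:*",
    "https://*.youtube.com:*",
    "https://*.ytimg.com:*",
);
$sources = implode(' ', $white_list);

$directives = array(
    // "data:" has to be one token. Split as "dat a:" it is parsed as a host
    // named "dat" plus a scheme "a:", so data: URIs are not actually allowed.
    "default-src 'self' data: " . $sources,
    // NOTE(review): 'unsafe-inline' and 'unsafe-eval' are kept because the pages
    // this file serves are not visible here, but with them script-src does not
    // stop injected inline script. Moving to nonces or hashes, and giving
    // script-src its own shorter list instead of the shared one (which includes
    // public CDNs and wildcard hosts), is what makes the policy effective.
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' " . $sources,
    "style-src 'self' 'unsafe-inline' " . $sources,
    "img-src 'self' data: " . $sources,
    "font-src 'self' " . $sources,
    // NOTE(review): object-src falls back to default-src and base-uri has no
    // fallback at all; consider adding "object-src 'none'" and "base-uri 'self'"
    // once confirmed the site does not rely on plugins or a <base> tag.
);
$policy = implode('; ', $directives) . ';';

// X-Content-Security-Policy and X-WebKit-CSP are the prefixed names read by
// older browser releases; current browsers only honour Content-Security-Policy.
foreach (array('Content-Security-Policy', 'X-Content-Security-Policy', 'X-WebKit-CSP') as $header) {
    header($header . ': ' . $policy);
}
?>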