Browse Source

Add link preload headers

master
Skylar Ittner 1 year ago
parent
commit
35e531a56b
3 changed files with 17 additions and 2 deletions
  1. 8
    0
      app.php
  2. 5
    0
      index.php
  3. 4
    2
      required.php

+ 8
- 0
app.php View File

@@ -18,6 +18,12 @@ if (!is_empty($_GET['page'])) {
18 18
         $pageid = "404";
19 19
     }
20 20
 }
21
+
22
+header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
23
+header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
24
+header("Link: <static/css/app.css>; rel=preload; as=style", false);
25
+header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
26
+header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
21 27
 ?>
22 28
 <!DOCTYPE html>
23 29
 <html>
@@ -43,6 +49,7 @@ if (!is_empty($_GET['page'])) {
43 49
         if (isset(PAGES[$pageid]['styles'])) {
44 50
             foreach (PAGES[$pageid]['styles'] as $style) {
45 51
                 echo "<link href=\"$style\" rel=\"stylesheet\">\n";
52
+                header("Link: <$style>; rel=preload; as=style", false);
46 53
             }
47 54
         }
48 55
         ?>
@@ -169,6 +176,7 @@ END;
169 176
         if (isset(PAGES[$pageid]['scripts'])) {
170 177
             foreach (PAGES[$pageid]['scripts'] as $script) {
171 178
                 echo "<script src=\"$script\"></script>\n";
179
+                header("Link: <$script>; rel=preload; as=script", false);
172 180
             }
173 181
         }
174 182
         ?>

+ 5
- 0
index.php View File

@@ -72,6 +72,11 @@ if (checkLoginServer()) {
72 72
 } else {
73 73
     $alert = lang("login server unavailable", false);
74 74
 }
75
+header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
76
+header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
77
+header("Link: <static/css/index.css>; rel=preload; as=style", false);
78
+header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
79
+header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
75 80
 ?>
76 81
 <!DOCTYPE html>
77 82
 <html>

+ 4
- 2
required.php View File

@@ -7,10 +7,12 @@ ob_start(); // allow sending headers after content
7 7
 // Unicode, solves almost all stupid encoding problems
8 8
 header('Content-Type: text/html; charset=utf-8');
9 9
 
10
-// l33t $ecurity h4x
10
+// Strip PHP version
11
+header('X-Powered-By: PHP');
12
+
13
+// Security
11 14
 header('X-Content-Type-Options: nosniff');
12 15
 header('X-XSS-Protection: 1; mode=block');
13
-header('X-Powered-By: PHP'); // no versions makes it harder to find vulns
14 16
 header('X-Frame-Options: "DENY"');
15 17
 header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
16 18
 $SECURE_NONCE = base64_encode(random_bytes(8));

Loading…
Cancel
Save