innhold/content/index.php

<?php
// Handle /app static file requests
if (str_starts_with($_SERVER['REQUEST_URI'], '/app/')) {
    require __DIR__ . '/../app/static.php';
    exit;
}

// Harden session cookie before any session starts
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Lax');
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    ini_set('session.cookie_secure', '1');
}

// All other requests go to router
require __DIR__ . '/../app/router.php';
Initial commit 2025-10-02 17:01:55 +02:00			`<?php`
			`// Handle /app static file requests`
			`if (str_starts_with($_SERVER['REQUEST_URI'], '/app/')) {`
			`require __DIR__ . '/../app/static.php';`
			`exit;`
			`}`

Add security hardening for shared hosting environments Improve session cookie security with HttpOnly and SameSite attributes Add security headers via .htaccess Block direct access to sensitive files Restrict allowed HTTP methods Document cPanel-specific security configuration Add container hardening for ServerTokens and ServerSignature 2026-02-10 23:02:57 +01:00			`// Harden session cookie before any session starts`
			`ini_set('session.cookie_httponly', '1');`
			`ini_set('session.cookie_samesite', 'Lax');`
			`if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {`
			`ini_set('session.cookie_secure', '1');`
			`}`

Initial commit 2025-10-02 17:01:55 +02:00			`// All other requests go to router`
			`require __DIR__ . '/../app/router.php';`