Improve session cookie security with HttpOnly and SameSite attributes. Add security headers via .htaccess. Block direct access to sensitive files. Restrict allowed HTTP methods. Document cPanel-specific security configuration. Add container hardening for ServerTokens and ServerSignature.
<?php
|
|
// Handle /app static file requests
|
|
if (str_starts_with($_SERVER['REQUEST_URI'], '/app/')) {
|
|
require __DIR__ . '/../app/static.php';
|
|
exit;
|
|
}
|
|
|
|
// Harden session cookie before any session starts
|
|
ini_set('session.cookie_httponly', '1');
|
|
ini_set('session.cookie_samesite', 'Lax');
|
|
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
|
|
ini_set('session.cookie_secure', '1');
|
|
}
|
|
|
|
// All other requests go to router
|
|
require __DIR__ . '/../app/router.php';
|
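Review bot: The session-cookie hardening does not run for `/app/` requests, because the `str_starts_with($_SERVER['REQUEST_URI'], '/app/')` branch requires `static.php` and exits before the three `ini_set` calls are reached, so the comment "before any session starts" holds only for the router path; if `static.php` (not visible here) ever starts a session, that cookie is issued without HttpOnly, SameSite or Secure. Move the `ini_set('session.cookie_httponly', '1')`, `ini_set('session.cookie_samesite', 'Lax')` and the HTTPS-conditional `ini_set('session.cookie_secure', '1')` block above the `/app/` dispatch so both entry points inherit it. The `$_SERVER['HTTPS']` test is appropriate where Apache terminates TLS itself, which is presumably the case on cPanel; if a reverse proxy ever fronts the site, the check would need to be revisited rather than simply trusting a forwarded header. Consider also adding `ini_set('session.use_strict_mode', '1');` alongside these, so an uninitialised session ID supplied by the client is never adopted.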