'right_aside' => '',
'template' => '',
'title' => '',
+ 'section' => '',
+ 'module' => '',
];
/**
* @var string The basepath of the page
$page = $this->page;
+ // add and escape some common but crucial content for direct "echo" in HTML (security)
+ $page['title'] = htmlspecialchars($page['title'] ?? '');
+ $page['section'] = htmlspecialchars($args->get(0) ?? 'generic');
+ $page['module'] = htmlspecialchars($args->getModuleName() ?? '');
+
header("X-Friendica-Version: " . App::VERSION);
header("Content-type: text/html; charset=utf-8");
- if ($config->get('system', 'hsts') && ($baseURL->getSSLPolicy() == BaseURL::SSL_POLICY_FULL)) {
+ if ($config->get('system', 'hsts') && ($baseURL->getScheme() === 'https')) {
header("Strict-Transport-Security: max-age=31536000");
}
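Review bot: The three added `htmlspecialchars()` calls rely on the function's default flags, which only include `ENT_QUOTES` from PHP 8.1 on. On an older runtime a single quote in the title, the first path argument or the module name is left unescaped, which matters if a template prints these values inside a single-quoted attribute. Passing the flags explicitly, e.g. `htmlspecialchars($page['title'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the output the same on every PHP version. Because `$page['title']` is now escaped in place, the comment above these lines could also state that the values are already HTML-encoded, since a consumer that escapes them again would double-encode; whether one exists is not visible here. The enclosing method starts and ends outside the hunk.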