first commit

Application/views/admin/de/security_lang.php

@@ -0,0 +1,23 @@
+<?php
+$sLangName = "Deutsch";
+
+$aLang = array(
+    'charset' => 'UTF-8',
+
+    'SHOP_MODULE_GROUP_rs-security_main' => 'Standard headers',
+    'SHOP_MODULE_rs-security_Strict-Transport-Security' => 'Strict-Transport-Security (Default: max-age=63072000; includeSubDomains; preload)',
+    'SHOP_MODULE_rs-security_Content-Security-Policy' => "Content-Security-Policy (Default: default-src 'self' https: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self';)",
+    'SHOP_MODULE_rs-security_X-Content-Type-Options' => 'X-Content-Type-Options (Default: nosniff)',
+    'SHOP_MODULE_rs-security_X-Frame-Options' => 'X-Frame-Options (Default: SAMEORIGIN)',
+    'SHOP_MODULE_rs-security_X-XSS-Protection' => 'X-XSS-Protection (Default: 1; mode=block)',
+    'SHOP_MODULE_rs-security_Referrer-Policy' => 'Referrer-Policy (Default: same-origin)',
+
+    'SHOP_MODULE_GROUP_rs-security_sub' => 'Additinal headers',
+    'SHOP_MODULE_rs-security_OtherName1' => 'Another header title (1)',
+    'SHOP_MODULE_rs-security_OtherValue1' => 'Value for the header (1)',
+    'SHOP_MODULE_rs-security_OtherName2' => 'Another header title (2)',
+    'SHOP_MODULE_rs-security_OtherValue2' => 'Value for the header (2)',
+    'SHOP_MODULE_rs-security_OtherName3' => 'Another header title (3)',
+    'SHOP_MODULE_rs-security_OtherValue3' => 'Value for the header (3)',
+
+);

Application/views/admin/en/security_lang.php

@@ -0,0 +1,23 @@
+<?php
+$sLangName = "English";
+
+$aLang = array(
+    'charset' => 'UTF-8',
+
+    'SHOP_MODULE_GROUP_rs-security_main' => 'Standard headers',
+    'SHOP_MODULE_rs-security_Strict-Transport-Security' => 'Strict-Transport-Security (Default: max-age=63072000; includeSubDomains; preload)',
+    'SHOP_MODULE_rs-security_Content-Security-Policy' => "Content-Security-Policy (Default: default-src 'self' https: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; form-action 'self'; base-uri 'self';)",
+    'SHOP_MODULE_rs-security_X-Content-Type-Options' => 'X-Content-Type-Options (Default: nosniff)',
+    'SHOP_MODULE_rs-security_X-Frame-Options' => 'X-Frame-Options (Default: SAMEORIGIN)',
+    'SHOP_MODULE_rs-security_X-XSS-Protection' => 'X-XSS-Protection (Default: 1; mode=block)',
+    'SHOP_MODULE_rs-security_Referrer-Policy' => 'Referrer-Policy (Default: same-origin)',
+
+    'SHOP_MODULE_GROUP_rs-security_sub' => 'Additinal headers',
+    'SHOP_MODULE_rs-security_OtherName1' => 'Another header title (1)',
+    'SHOP_MODULE_rs-security_OtherValue1' => 'Value for the header (1)',
+    'SHOP_MODULE_rs-security_OtherName2' => 'Another header title (2)',
+    'SHOP_MODULE_rs-security_OtherValue2' => 'Value for the header (2)',
+    'SHOP_MODULE_rs-security_OtherName3' => 'Another header title (3)',
+    'SHOP_MODULE_rs-security_OtherValue3' => 'Value for the header (3)',
+
+);

Core/Output.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace rs\security\Core;
+
+class Output extends Output_parent
+{
+    /**
+     * send page headers (content type, charset)
+     */
+    public function sendHeaders()
+    {
+        parent::sendHeaders();
+
+        if($this->_sOutputFormat===self::OUTPUT_FORMAT_HTML)
+        {
+            /**
+             * @var \oxconfig $oConfig
+             */
+            $oConfig = $this->getConfig();
+            if(!$oConfig->isAdmin())
+            {
+                //Standard
+                $aHeaders = [
+                    'Strict-Transport-Security',
+                    'Content-Security-Policy',
+                    'X-Content-Type-Options',
+                    'X-Frame-Options',
+                    'X-XSS-Protection',
+                    'Referrer-Policy'
+                ];
+                foreach($aHeaders as $sHeader)
+                {
+                    $sValue = trim($oConfig->getConfigParam('rs-security_'.$sHeader,""));
+                    if($sValue!="")
+                        \OxidEsales\Eshop\Core\Registry::getUtils()->setHeader($sHeader.":".$sValue);
+                }
+
+                //Additional
+                $aHeaders = [
+                    '1',
+                    '2',
+                    '3'
+                ];
+                foreach($aHeaders as $sHeader)
+                {
+                    $sTitle = trim($oConfig->getConfigParam('rs-security_OtherName'.$sHeader,""));
+                    $sValue = trim($oConfig->getConfigParam('rs-security_OtherValue'.$sHeader,""));
+                    if($sTitle!="" && $sValue!="")
+                        \OxidEsales\Eshop\Core\Registry::getUtils()->setHeader($sTitle.":".$sValue);
+                }
+            }
+        }
+    }
+}