ça marche (+csp header ) :D
parent
c782ccb0c0
commit
f3eb274144
7 changed files with 40 additions and 27 deletions
|
@ -1,4 +1,4 @@
|
|||
<?php
|
||||
$page = str_replace(".php","",basename($_SERVER['SCRIPT_FILENAME']));
|
||||
?>
|
||||
<script src="js/<?=$page?>.js">
|
||||
<script src="js/<?=$page?>.js"></script>
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
<?php
|
||||
header("Content-Security-Policy: default-src 'self'; connect-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; media-src 'self'; frame-src 'self'; sandbox allow-forms; object-src 'none'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; worker-src 'none'; manifest-src : 'none'; prefetch-src : 'none'; navigate-to 'self';")
|
||||
?>
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
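Review bot: The policy string passed to `header()` contains `manifest-src : 'none'; prefetch-src : 'none';`, and the colon after the directive name is not CSP syntax, so those two directives do not say what they appear to say. `sandbox allow-forms` is also applied to the page itself and omits `allow-scripts` and `allow-same-origin`, which in a conforming browser blocks the very scripts that `script-src 'self'` allows. `header()` only works before any output, and index.php on this page prints `<!DOCTYPE html>` before `include "_partials/_head.php";`; if this section is that partial (its file name is not shown), the policy is sent only when output buffering is on, so confirm it in the actual response headers. I would write `manifest-src 'none';`, drop `sandbox` or list exactly the tokens the page needs, and emit the header from the first line of each entry script.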
|
||||
|
|
2
api.php
2
api.php
|
@ -11,7 +11,7 @@
|
|||
|
||||
*/
|
||||
|
||||
include("session_verif.php");
|
||||
//include("session_verif.php");
|
||||
include("bdd.php");
|
||||
|
||||
include('php-csrf.php');
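Review bot: Commenting out `include("session_verif.php");` leaves api.php without the session check it ran before, so every API action below may now be reachable without logging in. This assumes that file is what rejects unauthenticated requests, which its name suggests but this page does not show. The same line is commented out in the upload-form hunk (`@ -6,14 +6,12 @`) further down. If this was done to debug the CAS flow, restore `include("session_verif.php");` in both files before deployment, and prefer `require` so that a missing file stops the script instead of letting it continue unauthenticated. The rest of api.php lies outside the hunk.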
|
||||
|
|
10
index.php
10
index.php
|
@ -2,8 +2,8 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<?php
|
||||
$tire_page = "Ach'INSA";
|
||||
include "_patials/head.php"
|
||||
$titre_page = "Arch'INSA";
|
||||
include "_partials/_head.php";
|
||||
?>
|
||||
<body>
|
||||
<?php
|
||||
|
@ -11,8 +11,8 @@
|
|||
session_start();
|
||||
|
||||
?>
|
||||
<a href="javascript:authenticate_user();">connection</a>
|
||||
<a href="javascript:unauthenticate_user();">déconnection</a>
|
||||
<button id="btn-connection">connection</button>
|
||||
<button id="lien-deconnection">déconnection</button>
|
||||
|
||||
<div id="user_status">
|
||||
|
||||
|
@ -32,6 +32,6 @@
|
|||
|
||||
</body>
|
||||
<?php
|
||||
include "_partials/footer.php";
|
||||
include "_partials/_footer.php";
|
||||
?>
|
||||
</html>
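Review bot: The new logout button is declared as `<button id="lien-deconnection">`, but js/index.js in this same commit binds `document.getElementById("btn-deconnection")`. That call returns null for an id that is not on the page, so `addEventListener` throws and the logout handler is never attached. Make the two agree, for example `<button id="btn-deconnection">déconnection</button>`. Moving from `javascript:` links to buttons with listeners fits the new `script-src 'self'` policy, so it is worth checking in the browser console that both handlers actually bind. The DOMContentLoaded handler in js/index.js starts outside the visible hunks.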
|
||||
|
|
12
js/index.js
12
js/index.js
|
@ -150,6 +150,7 @@ async function gen_chronologie(){
|
|||
}
|
||||
|
||||
|
||||
document.addEventListener("DOMContentLoaded", (event)=>{
|
||||
gen_chronologie();
|
||||
|
||||
test_auth();
|
||||
|
@ -168,3 +169,14 @@ document.getElementById("themes_input").onkeydown =function(event) {
|
|||
document.getElementById("themes_input").value = "";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
document.getElementById("btn-connection").addEventListener("click", (event) => {
|
||||
authenticate_user();
|
||||
});
|
||||
document.getElementById("btn-deconnection").addEventListener("click", (event) => {
|
||||
unauthenticate_user();
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ phpCAS::setLogger();
|
|||
phpCAS::setVerbose(true);
|
||||
|
||||
// Initialize phpCAS
|
||||
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas',"https://cas.insa-toulouse.fr");
|
||||
phpCAS::client(CAS_VERSION_2_0, "cas.insa-toulouse.fr", 443, 'cas',"https://arch.etud.insa-toulouse.fr");
|
||||
|
||||
// For production use set the CA certificate that is the issuer of the cert
|
||||
// on the CAS server and uncomment the line below
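Review bot: With the service base URL now set to the deployed host `https://arch.etud.insa-toulouse.fr`, the context line `phpCAS::setVerbose(true);` still makes phpCAS show detailed error output to the visitor, which is a debugging setting. Use `phpCAS::setVerbose(false);` once login works. Also check that the line following the "For production use set the CA certificate" comment (outside this hunk) calls `phpCAS::setCasServerCACert(...)` rather than disabling server validation. A comment above the `phpCAS::client(...)` call stating that the last argument is this site's own base URL, not the CAS server's, would keep the mistake fixed here from coming back.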
|
||||
|
|
|
@ -6,14 +6,12 @@
|
|||
?>
|
||||
<body>
|
||||
<?php
|
||||
include("session_verif.php");
|
||||
// Include the PHP-CSRF library
|
||||
//include("session_verif.php");
|
||||
include('php-csrf.php');
|
||||
|
||||
$csrf = new CSRF();
|
||||
?>
|
||||
|
||||
<!-- Input to choose files -->
|
||||
|
||||
<form id="uploadForm" enctype="multipart/form-data">
|
||||
<input type="file" id="fileInput" multiple>
|
||||
|
|