CMXX - Pricelists

2025-01-23 12:54:16 +01:00
parent 53686b3c33
commit 661783270a
16 changed files with 811 additions and 182 deletions
--- a/api.php
+++ b/api.php
@@ -16,6 +16,34 @@ require_once './assets/functions.php';
 include './settings/settings.php';
 include './settings/config.php';

+//------------------------------------------
+// Header security - enabled via config
+//------------------------------------------   
+if (header_security){
+    header('Content-Type: application/json');
+  
+    // Set strict security headers
+    header('X-Content-Type-Options: nosniff');
+    header('X-Frame-Options: DENY');
+    header('X-XSS-Protection: 1; mode=block');
+    header('Content-Security-Policy: default-src \'none\'');
+    header('Access-Control-Allow-Origin: ' . $_ENV['ALLOWED_ORIGIN']);
+    header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
+    header('Access-Control-Allow-Headers: Content-Type, Accept, Authorization');
+  
+    // Validate Content-Type
+    if (!str_contains($_SERVER['CONTENT_TYPE'],'application/json')) {
+    http_response_code(400);
+    exit(json_encode(['error' => 'Invalid Content-Type']));
+    }
+  
+    // Validate request size
+    if ($_SERVER['CONTENT_LENGTH'] > '5M') {
+    http_response_code(413);
+    exit(json_encode(['error' => 'Request too large']));
+    }
+  }
+
 //------------------------------------------
 // Retrieve API version and Collection
 // api.php/(v)ersion/{get/post}/collection/