Editing: security-headers.php
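<?php
/**
 * Field definitions for the security-header settings.
 *
 * Hooks the 'rsssl_fields' filter and appends one definition per setting:
 * the recommended headers (X-XSS-Protection, X-Content-Type-Options,
 * X-Frame-Options, Referrer-Policy), HSTS, the Cross-Origin policies,
 * Permissions-Policy and the Content-Security-Policy options.
 *
 * This file only describes the fields (id, type, options, default, help).
 * The code that turns a saved value into a response header is not in this
 * file, so every option value below must be validated again where the header
 * is written.
 */
defined( 'ABSPATH' ) or die(); // refuse direct requests that bypass WordPress

add_filter( 'rsssl_fields', function( $fields ) {
	return array_merge( $fields, [
		[
			'id'       => 'x_xss_protection',
			'menu_id'  => 'recommended_security_headers',
			'group_id' => 'recommended_security_headers',
			'type'     => 'select',
			'label'    => "X-XSS-Protection",
			'options'  => [
				'disabled'   => __("Disabled", "really-simple-ssl"),
				// "0" turns the legacy browser XSS filter off; it is the default below.
				'zero'       => "0 ".__("(recommended)", "really-simple-ssl"),
				'one'        => "1",
				'mode_block' => "1; mode=block",
			],
			'disabled' => false,
			'default'  => 'zero',
			'help'     => [
				'label' => 'default',
				'url'   => 'definition/about-recommended-security-headers',
				'title' => __("About Essential Security Headers", 'really-simple-ssl'),
				'text'  => __('These security headers are the fundamental security measures to protect your website visitors while visiting your website.', 'really-simple-ssl'),
			],
		],
		[
			'id'       => 'x_content_type_options',
			'menu_id'  => 'recommended_security_headers',
			'group_id' => 'recommended_security_headers',
			'type'     => 'checkbox',
			'label'    => "X-Content-Type options",
			'disabled' => false,
			'default'  => false,
		],
		[
			'id'       => 'x_frame_options',
			'menu_id'  => 'recommended_security_headers',
			'group_id' => 'recommended_security_headers',
			'type'     => 'select',
			'options'  => [
				'disabled'   => __("Off", "really-simple-ssl"),
				'DENY'       => 'DENY',
				'SAMEORIGIN' => 'SAMEORIGIN',
			],
			'label'    => "X-Frame options",
			// With the pro plugin present the field is locked: framing is then
			// governed by the CSP frame-ancestors setting (see the comment text).
			'disabled' => defined('rsssl_pro'),
			'comment'  => defined('rsssl_pro') ? __("This option is handled by the Content Security Policy/frame-ancestors setting.", "really-simple-ssl") : "",
			// NOTE(review): false is not one of the option keys above; presumably
			// treated as "Off" - confirm against the settings renderer.
			'default'  => false,
		],
		[
			'id'       => 'referrer_policy',
			'menu_id'  => 'recommended_security_headers',
			'group_id' => 'recommended_security_headers',
			'type'     => 'select',
			'options'  => [
				'disabled'                        => __("Off", "really-simple-ssl"),
				'strict-origin-when-cross-origin' => 'strict-origin-when-cross-origin'.' ('.__("recommended", "really-simple-ssl").')',
				'no-referrer'                     => 'no-referrer',
				'origin'                          => 'origin',
				'no-referrer-when-downgrade'      => 'no-referrer-when-downgrade',
				// 'unsafe-url' sends the full URL, path and query included, to every origin.
				'unsafe-url'                      => 'unsafe-url',
				'origin-when-cross-origin'        => 'origin-when-cross-origin',
				'strict-origin'                   => 'strict-origin',
				'same-origin'                     => 'same-origin',
			],
			'label'    => "Referrer Policy",
			'disabled' => false,
			'default'  => 'strict-origin-when-cross-origin',
		],
		[
			'id'       => 'hsts',
			'menu_id'  => 'hsts',
			'group_id' => 'hsts',
			'type'     => 'checkbox',
			'label'    => __("HTTP Strict Transport Security", "really-simple-ssl"),
			'disabled' => false,
			'default'  => false,
			'help'     => [
				'label' => 'default',
				'url'   => 'definition/what-is-hsts/',
				'title' => __("About HTTP Strict Transport Security", 'really-simple-ssl'),
				'text'  => __('Leveraging your SSL certificate with HSTS is a staple for every website. Force your website over SSL, mitigating risks of malicious counterfeit websites in your name.', 'really-simple-ssl'),
			],
			// Only offered once SSL is switched on.
			'react_conditions' => [
				'relation' => 'AND',
				[
					'ssl_enabled' => '1',
				]
			],
		],
		[
			'id'       => 'hsts_preload',
			'menu_id'  => 'hsts',
			'group_id' => 'hsts',
			'type'     => 'checkbox',
			'label'    => __("Include preload", "really-simple-ssl"),
			// This string is emitted as HTML, so the href is escaped with esc_url()
			// and the new-tab link carries rel="noopener noreferrer" so the opened
			// page gets no window.opener handle.
			// NOTE(review): site_url() includes the scheme (and any path); the
			// preload form presumably expects a bare host name - confirm.
			'comment'  => sprintf(
				__("After enabling this feature, you can submit your site to %shstspreload.org%s", "really-simple-ssl"),
				'<a target="_blank" rel="noopener noreferrer" href="' . esc_url( 'https://hstspreload.org?domain=' . site_url() ) . '">',
				"</a>"
			),
			'react_conditions' => [
				'relation' => 'AND',
				[
					'hsts' => true,
				]
			],
			// Companion settings tied to preload: subdomains on, max-age two years
			// (the value the max-age field labels as "required for preload").
			'configure_on_activation' => [
				'condition' => 1,
				[
					'hsts_subdomains' => true,
					'hsts_max_age'    => 63072000,
				]
			],
			'disabled' => false,
			'default'  => false,
		],
		[
			'id'       => 'hsts_subdomains',
			'menu_id'  => 'hsts',
			'group_id' => 'hsts',
			'type'     => 'checkbox',
			'label'    => __("Include subdomains", "really-simple-ssl"),
			'react_conditions' => [
				'relation' => 'AND',
				[
					'hsts' => true,
				]
			],
			'disabled' => false,
			'default'  => false,
		],
		[
			'id'       => 'hsts_max_age',
			'menu_id'  => 'hsts',
			'group_id' => 'hsts',
			'type'     => 'select',
			// Keys are max-age values in seconds.
			'options'  => [
				'86400'    => __('One day (for testing only)', 'really-simple-ssl'),
				'31536000' => __('One year', 'really-simple-ssl'),
				'63072000' => __('Two years (required for preload)', 'really-simple-ssl'),
			],
			'label'    => __("Choose the max-age for HSTS", "really-simple-ssl"),
			'react_conditions' => [
				'relation' => 'AND',
				[
					'hsts' => true,
				]
			],
			'disabled' => false,
			'default'  => '63072000',
		],
		[
			'id'       => 'cross_origin_opener_policy',
			'menu_id'  => 'cross_origin_policy',
			'group_id' => 'cross_origin_policy',
			'type'     => 'select',
			'options'  => [
				'disabled'                 => __('Off', 'really-simple-ssl'),
				'unsafe-none'              => 'unsafe-none',
				'same-origin-allow-popups' => 'same-origin-allow-popups',
				'same-origin'              => 'same-origin',
			],
			'help'     => [
				'label' => 'default',
				'url'   => 'definition/what-is-a-cross-origin-policy/',
				'title' => __("About Cross Origin Policies", 'really-simple-ssl'),
				'text'  => __('One of the most powerful features, and therefore the most complex are the Cross-Origin headers that can isolate your website so any data leaks are minimized.', 'really-simple-ssl'),
			],
			'label'    => __("Cross Origin Opener Policy", "really-simple-ssl"),
			'disabled' => false,
			'default'  => 'disabled',
		],
		[
			'id'       => 'cross_origin_resource_policy',
			'menu_id'  => 'cross_origin_policy',
			'group_id' => 'cross_origin_policy',
			'type'     => 'select',
			'options'  => [
				'disabled'     => __('Off', 'really-simple-ssl'),
				'same-site'    => 'same-site',
				'same-origin'  => 'same-origin',
				'cross-origin' => 'cross-origin',
			],
			'label'    => __("Cross Origin Resource Policy", "really-simple-ssl"),
			'disabled' => false,
			'default'  => 'disabled',
		],
		[
			'id'       => 'cross_origin_embedder_policy',
			'menu_id'  => 'cross_origin_policy',
			'group_id' => 'cross_origin_policy',
			'type'     => 'select',
			'options'  => [
				'disabled'     => __('Off', 'really-simple-ssl'),
				'require-corp' => 'require-corp',
				// NOTE(review): 'same-origin' is not a value defined for
				// Cross-Origin-Embedder-Policy (unsafe-none, require-corp,
				// credentialless). Confirm how the header writer handles it.
				'same-origin'  => 'same-origin',
				'unsafe-none'  => 'unsafe-none',
			],
			'label'    => __("Cross Origin Embedder Policy", "really-simple-ssl"),
			'disabled' => false,
			'default'  => 'disabled',
		],
		[
			'id'       => 'permissions_policy',
			'menu_id'  => 'permissions_policy',
			'group_id' => 'permissions_policy',
			'type'     => 'permissionspolicy',
			// Keys are the allowlist written per feature: any origin, nobody, own origin.
			'options'  => [
				'*'    => __( "Allow", "really-simple-ssl" ),
				'()'   => __( "Disable", "really-simple-ssl" ),
				'self' => __( "Self (Default)", "really-simple-ssl" )
			],
			'label'    => __( "Permissions Policy", 'really-simple-ssl' ),
			'disabled' => false,
			'help'     => [
				'label' => 'default',
				'url'   => 'definition/what-is-a-permissions-policy',
				'title' => __( "About the Permission Policy", 'really-simple-ssl' ),
				'text'  => __( 'Browser features are plentiful, but most are not needed on your website.', 'really-simple-ssl' ).' '.__('They might be misused if you don’t actively tell the browser to disable these features.', 'really-simple-ssl' ),
			],
			'columns'  => [
				[
					'name'     => __( 'Feature', 'really-simple-ssl' ),
					'sortable' => true,
					'column'   => 'title',
				],
				[
					// Header cell is intentionally blank; an empty string is not
					// passed through __() because there is nothing to translate.
					'name'     => '',
					'sortable' => false,
					'column'   => 'valueControl',
				],
			],
			// One row per browser feature; 'value' is one of the option keys above.
			'default'  => [
				[
					'id'     => 'accelerometer',
					'title'  => 'Accelerometer',
					'value'  => 'self',
					// NOTE(review): the only row with status true - confirm this is intended.
					'status' => true,
				],
				[
					'id'     => 'autoplay',
					'title'  => 'Autoplay',
					'value'  => 'self',
					'status' => false,
				],
				[
					'id'     => 'camera',
					'title'  => 'Camera',
					'value'  => 'self',
					'status' => false,
				],
				[
					'id'     => 'encrypted-media',
					'title'  => 'Encrypted Media',
					'value'  => 'self',
					'status' => false,
				],
				[
					'id'     => 'fullscreen',
					'title'  => 'Fullscreen',
					'value'  => 'self',
					'status' => false,
				],
				[
					'id'     => 'geolocation',
					'title'  => 'Geolocation',
					// NOTE(review): the only feature whose default is '*' (any
					// origin) instead of 'self'. Confirm this is deliberate;
					// 'self' would be the least-privilege default.
					'value'  => '*',
					'status' => false,
				],
				[
					'id'     => 'microphone',
					'title'  => 'Microphone',
					'value'  => 'self',
					'status' => false,
				],
				[
					'id'     => 'midi',
					'title'  => 'Midi',
					'value'  => 'self',
					'status' => false,
				],
				[
					'id'     => 'payment',
					'title'  => 'Payment',
					'value'  => 'self',
					'status' => false,
				],
				[
					'id'     => 'display-capture',
					'title'  => 'Display Capture',
					'value'  => 'self',
					'status' => false,
				],
			],
		],
		[
			'id'       => 'enable_permissions_policy',
			'menu_id'  => 'permissions_policy',
			'group_id' => 'permissions_policy',
			'type'     => 'hidden',
			'label'    => __( "Enable Permissions Policy", 'really-simple-ssl' ),
			'disabled' => false,
			'default'  => false,
		],
		[
			'id'       => 'upgrade_insecure_requests',
			'menu_id'  => 'content_security_policy',
			'group_id' => 'upgrade_insecure_requests',
			'type'     => 'checkbox',
			'label'    => __( "Serve encrypted and authenticated responses", 'really-simple-ssl' ),
			'disabled' => false,
			'default'  => false,
			'help'     => [
				'label' => 'default',
				'url'   => 'definition/what-is-a-content-security-policy',
				'title' => __( "About the Content Security Policy", 'really-simple-ssl' ),
				'text'  => __( 'The content security policy has many options, so we always recommend starting in ‘learning mode’ to see what files and scripts are loaded.', 'really-simple-ssl' ),
			],
			'react_conditions' => [
				'relation' => 'AND',
				[
					'ssl_enabled' => '1',
				]
			],
		],
		[
			'id'       => 'csp_frame_ancestors',
			'menu_id'  => 'content_security_policy',
			'group_id' => 'frame_ancestors',
			'type'     => 'select',
			'options'  => [
				// 'disabled' means no frame-ancestors header is sent at all.
				'disabled' => __("Yes (don't set header)", "really-simple-ssl"),
				'none'     => "None",
				'self'     => __("Self (Default)", "really-simple-ssl"),
			],
			'label'    => __( "Allow your domain to be embedded", "really-simple-ssl" ),
			'disabled' => false,
			'default'  => 'self',
		],
		[
			'id'       => 'csp_frame_ancestors_urls',
			'menu_id'  => 'content_security_policy',
			'group_id' => 'frame_ancestors',
			// Free-text input. NOTE(review): presumably copied into the
			// frame-ancestors directive; each entry should be validated as an
			// origin where the header is built - confirm in the header writer.
			'type'     => 'textarea',
			'label'    => __( "Add additional domains which can embed your website, if needed. Comma separated.", "really-simple-ssl" ),
			'disabled' => maybe_disable_frame_ancestors_url_field(),
			'default'  => false,
			'react_conditions' => [
				'relation' => 'AND',
				[
					'csp_frame_ancestors' => 'NOT disabled',
				]
			],
		],
		[
			'id'       => 'csp_status',
			'menu_id'  => 'content_security_policy',
			'group_id' => 'content_security_policy_source_directives',
			'type'     => 'hidden',
			'label'    => '',
			'disabled' => false,
			'default'  => false,
		],
		[
			'id'       => 'csp_status_lm_enabled_once',
			'menu_id'  => 'content_security_policy',
			'group_id' => 'content_security_policy_source_directives',
			'type'     => 'hidden',
			'label'    => '',
			'disabled' => false,
			'default'  => false,
		],
		[
			'id'            => 'content_security_policy_source_directives',
			'control_field' => 'csp_status',
			'menu_id'       => 'content_security_policy',
			'group_id'      => 'content_security_policy_source_directives',
			'type'          => 'learningmode',
			'label'         => "Content Security Policy",
			'disabled'      => false,
			'default'       => false,
			'columns'       => [
				[
					'name'     => __( 'Location', 'really-simple-ssl' ),
					'sortable' => false,
					'column'   => 'documenturi',
					'grow'     => 2,
					'width'    => '20%',
				],
				[
					'name'     => __( 'Directive', 'really-simple-ssl' ),
					'sortable' => false,
					'column'   => 'violateddirective',
					'grow'     => 1,
					'width'    => '25%',
				],
				[
					'name'     => __( 'Source', 'really-simple-ssl' ),
					'sortable' => false,
					'column'   => 'blockeduri',
					'grow'     => 1,
					'width'    => '30%',
				],
				[
					// Blank header for the control columns; nothing to translate.
					'name'     => '',
					'sortable' => false,
					'column'   => 'statusControl',
					'grow'     => 1,
					'width'    => '10%',
				],
				[
					'name'     => '',
					'sortable' => false,
					'column'   => 'deleteControl',
					'grow'     => 1,
					'width'    => '10%',
				],
				// [ //placeholder until we have resolved the columns
				//     'name' => '',
				// ],
			],
			'modal'         => [
				// The directive list comes from the headers component and is only
				// read when the pro plugin constant is defined.
				'options' => (defined('rsssl_pro') ? array_keys(RSSSL()->headers->directives) : []),
			]
		],
	] );
}, 200 ); // priority 200: runs after callbacks registered at the default priority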