diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 18d9c51b32a..930fc3b08e6 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -50,8 +50,6 @@ if ( !defined( 'MEDIAWIKI' ) ) {
 /** @endcond */
-/** @phan-file-suppress PhanPluginRedundantAssignmentInGlobalScope */
-
 /**
  * $wgConf hold the site configuration.
  * Not used for much in a default install.
@@ -7035,77 +7033,6 @@ $wgHKDFSecret = false;
  */
 $wgHKDFAlgorithm = 'sha256';
-/**
- * Allow user Javascript page?
- * This enables a lot of neat customizations, but may
- * increase security risk to users and server load.
- */
-$wgAllowUserJs = false;
-
-/**
- * Allow user Cascading Style Sheets (CSS)?
- * This enables a lot of neat customizations, but may
- * increase security risk to users and server load.
- */
-$wgAllowUserCss = false;
-
-/**
- * Allow style-related user-preferences?
- *
- * This controls whether the `editfont` and `underline` preferences
- * are available to users.
- */
-$wgAllowUserCssPrefs = true;
-
-/**
- * Use the site's Javascript page?
- */
-$wgUseSiteJs = true;
-
-/**
- * Use the site's Cascading Style Sheets (CSS)?
- */
-$wgUseSiteCss = true;
-
-/**
- * Break out of framesets. This can be used to prevent clickjacking attacks,
- * or to prevent external sites from framing your site with ads.
- */
-$wgBreakFrames = false;
-
-/**
- * The X-Frame-Options header to send on pages sensitive to clickjacking
- * attacks, such as edit pages. This prevents those pages from being displayed
- * in a frame or iframe. The options are:
- *
- * - 'DENY': Do not allow framing. This is recommended for most wikis.
- *
- * - 'SAMEORIGIN': Allow framing by pages on the same domain. This can be used
- * to allow framing within a trusted domain. This is insecure if there
- * is a page on the same domain which allows framing of arbitrary URLs.
- *
- * - false: Allow all framing. This opens up the wiki to XSS attacks and thus
- * full compromise of local user accounts. Private wikis behind a
- * corporate firewall are especially vulnerable. This is not
- * recommended.
- *
- * For extra safety, set $wgBreakFrames = true, to prevent framing on all pages,
- * not just edit pages.
- */
-$wgEditPageFrameOptions = 'DENY';
-
-/**
- * Disallow framing of API pages directly, by setting the X-Frame-Options
- * header. Since the API returns CSRF tokens, allowing the results to be
- * framed can compromise your user's account security.
- * Options are:
- * - 'DENY': Do not allow framing. This is recommended for most wikis.
- * - 'SAMEORIGIN': Allow framing by pages on the same domain.
- * - false: Allow all framing.
- * Note: $wgBreakFrames will override this for human formatted API output.
- */
-$wgApiFrameOptions = 'DENY';
-
 // endregion -- end of security
 /***************************************************************************/