Merge "Remove duplicate settings from DefaultSettings"
This commit is contained in:
jenkins-bot
Gerrit Code Review
commit
ffae12c74a
1 changed files with 0 additions and 73 deletions
|
|
@ -50,8 +50,6 @@ if ( !defined( 'MEDIAWIKI' ) ) {
|
||||||
|
|
||||||
/** @endcond */
|
/** @endcond */
|
||||||
|
|
||||||
/** @phan-file-suppress PhanPluginRedundantAssignmentInGlobalScope */
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* $wgConf hold the site configuration.
|
* $wgConf hold the site configuration.
|
||||||
* Not used for much in a default install.
|
* Not used for much in a default install.
|
||||||
|
|
@ -7035,77 +7033,6 @@ $wgHKDFSecret = false;
|
||||||
*/
|
*/
|
||||||
$wgHKDFAlgorithm = 'sha256';
|
$wgHKDFAlgorithm = 'sha256';
|
||||||
|
|
||||||
/**
|
|
||||||
* Allow user Javascript page?
|
|
||||||
* This enables a lot of neat customizations, but may
|
|
||||||
* increase security risk to users and server load.
|
|
||||||
*/
|
|
||||||
$wgAllowUserJs = false;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Allow user Cascading Style Sheets (CSS)?
|
|
||||||
* This enables a lot of neat customizations, but may
|
|
||||||
* increase security risk to users and server load.
|
|
||||||
*/
|
|
||||||
$wgAllowUserCss = false;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Allow style-related user-preferences?
|
|
||||||
*
|
|
||||||
* This controls whether the `editfont` and `underline` preferences
|
|
||||||
* are available to users.
|
|
||||||
*/
|
|
||||||
$wgAllowUserCssPrefs = true;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Use the site's Javascript page?
|
|
||||||
*/
|
|
||||||
$wgUseSiteJs = true;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Use the site's Cascading Style Sheets (CSS)?
|
|
||||||
*/
|
|
||||||
$wgUseSiteCss = true;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Break out of framesets. This can be used to prevent clickjacking attacks,
|
|
||||||
* or to prevent external sites from framing your site with ads.
|
|
||||||
*/
|
|
||||||
$wgBreakFrames = false;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The X-Frame-Options header to send on pages sensitive to clickjacking
|
|
||||||
* attacks, such as edit pages. This prevents those pages from being displayed
|
|
||||||
* in a frame or iframe. The options are:
|
|
||||||
*
|
|
||||||
* - 'DENY': Do not allow framing. This is recommended for most wikis.
|
|
||||||
*
|
|
||||||
* - 'SAMEORIGIN': Allow framing by pages on the same domain. This can be used
|
|
||||||
* to allow framing within a trusted domain. This is insecure if there
|
|
||||||
* is a page on the same domain which allows framing of arbitrary URLs.
|
|
||||||
*
|
|
||||||
* - false: Allow all framing. This opens up the wiki to XSS attacks and thus
|
|
||||||
* full compromise of local user accounts. Private wikis behind a
|
|
||||||
* corporate firewall are especially vulnerable. This is not
|
|
||||||
* recommended.
|
|
||||||
*
|
|
||||||
* For extra safety, set $wgBreakFrames = true, to prevent framing on all pages,
|
|
||||||
* not just edit pages.
|
|
||||||
*/
|
|
||||||
$wgEditPageFrameOptions = 'DENY';
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Disallow framing of API pages directly, by setting the X-Frame-Options
|
|
||||||
* header. Since the API returns CSRF tokens, allowing the results to be
|
|
||||||
* framed can compromise your user's account security.
|
|
||||||
* Options are:
|
|
||||||
* - 'DENY': Do not allow framing. This is recommended for most wikis.
|
|
||||||
* - 'SAMEORIGIN': Allow framing by pages on the same domain.
|
|
||||||
* - false: Allow all framing.
|
|
||||||
* Note: $wgBreakFrames will override this for human formatted API output.
|
|
||||||
*/
|
|
||||||
$wgApiFrameOptions = 'DENY';
|
|
||||||
|
|
||||||
// endregion -- end of security
|
// endregion -- end of security
|
||||||
|
|
||||||
/***************************************************************************/
|
/***************************************************************************/
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue