diff --git a/INSTALL/INSTALL.rhel7.md b/INSTALL/INSTALL.rhel7.md
index f1a9fa7..d382618 100644
--- a/INSTALL/INSTALL.rhel7.md
+++ b/INSTALL/INSTALL.rhel7.md
@@ -121,4 +121,11 @@ Set file ownership for monarc installation
Require all granted
+
+ Header always set X-Content-Type-Options nosniff
+ Header always set X-XSS-Protection "1; mode=block"
+ Header always set X-Robots-Tag none
+ Header always set X-Frame-Options SAMEORIGIN
+
+
SetEnv APPLICATION_ENV "development"
diff --git a/INSTALL/INSTALL.ubuntu1604.md b/INSTALL/INSTALL.ubuntu1604.md
index 4789206..c74d409 100644
--- a/INSTALL/INSTALL.ubuntu1604.md
+++ b/INSTALL/INSTALL.ubuntu1604.md
@@ -42,6 +42,13 @@ Especially by setting a strong root password.
Require all granted
+
+ Header always set X-Content-Type-Options nosniff
+ Header always set X-XSS-Protection "1; mode=block"
+ Header always set X-Robots-Tag none
+ Header always set X-Frame-Options SAMEORIGIN
+
+
SetEnv APPLICATION_ENV "development"
diff --git a/INSTALL/INSTALL.ubuntu1804.md b/INSTALL/INSTALL.ubuntu1804.md
index a7c1fdd..156f409 100644
--- a/INSTALL/INSTALL.ubuntu1804.md
+++ b/INSTALL/INSTALL.ubuntu1804.md
@@ -42,6 +42,13 @@ Especially by setting a strong root password.
Require all granted
+
+ Header always set X-Content-Type-Options nosniff
+ Header always set X-XSS-Protection "1; mode=block"
+ Header always set X-Robots-Tag none
+ Header always set X-Frame-Options SAMEORIGIN
+
+
SetEnv APPLICATION_ENV "development"
diff --git a/config/autoload/local.php.dist b/config/autoload/local.php.dist
index cb698c8..4448862 100644
--- a/config/autoload/local.php.dist
+++ b/config/autoload/local.php.dist
@@ -93,6 +93,8 @@ return array(
'from' => 'info@monarc.lu',
],
+ 'mospApiUrl' => 'https://objects.monarc.lu/api/v1/',
+
'terms' => 'https://my.monarc.lu/terms.html',
'monarc' => array(
diff --git a/vagrant/bootstrap.sh b/vagrant/bootstrap.sh
index 939510c..5b3062c 100644
--- a/vagrant/bootstrap.sh
+++ b/vagrant/bootstrap.sh
@@ -82,6 +82,7 @@ done
echo -e "\n--- Enabling mod-rewrite and ssl… ---\n"
a2enmod rewrite > /dev/null 2>&1
a2enmod ssl > /dev/null 2>&1
+a2enmod headers > /dev/null 2>&1
echo -e "\n--- Allowing Apache override to all ---\n"
sudo sed -i "s/AllowOverride None/AllowOverride All/g" /etc/apache2/apache2.conf
@@ -162,6 +163,13 @@ cat > /etc/apache2/sites-enabled/000-default.conf <
+
+ Header always set X-Content-Type-Options nosniff
+ Header always set X-XSS-Protection "1; mode=block"
+ Header always set X-Robots-Tag none
+ Header always set X-Frame-Options SAMEORIGIN
+
+
SetEnv APPLICATION_ENV $ENVIRONMENT
SetEnv APP_DIR $PATH_TO_MONARC
@@ -230,9 +238,11 @@ return array(
'from' => 'info@monarc.lu',
],
+ 'mospApiUrl' => 'https://objects.monarc.lu/api/v1/',
+
'monarc' => array(
'ttl' => 60, // timeout
- 'salt' => '', // salt privé pour chiffrement pwd
+ 'salt' => '', // private salt for password encryption
),
);
EOF