ENHANCEMENT: added security hardening

2022-01-31 15:24:41 +01:00 · 2022-01-31 15:24:41 +01:00 · c9b109601a
commit c9b109601a
parent 0ae17fd1d9
2 changed files with 6 additions and 1 deletions
--- a/bootstrap.php
+++ b/bootstrap.php
@ -1,6 +1,5 @@
 <?php

-session_start();
 require_once "vendor/autoload.php";

 if( ini_get('safe_mode') ){
--- a/lib/Framework/Kernel.php
+++ b/lib/Framework/Kernel.php
@ -100,6 +100,12 @@ class Kernel
        $this->router = new Router();
        $this->router->parseRoutes($this->getConfigDir(), 'routes.yaml');
        $request = $this->parseRequest();
+        if($request->isSecure()) {
+            ini_set('session.cookie_httponly', true);
+            ini_set('session.cookie_secure', true);
+        }
+
+        session_start();
        return $this->router->route($request, $this);
    }