
function _seckit_get_options_defaults in Security Kit 7

Define the default values for our settings variables.

See also

_seckit_get_options().

3 calls to _seckit_get_options_defaults()
seckit_admin_form in includes/seckit.form.inc
Forms administration page.
seckit_update_7106 in ./seckit.install
If no CSP has been configured, enable unlimited_csp_reports by default.
_seckit_get_options in ./seckit.module
Return the current SecKit settings.

File

./seckit.module, line 739
Allows administrators to improve security of the website.

Code

/**
 * Builds the out-of-the-box values for every SecKit settings variable.
 *
 * Each top-level key matches a variable name read with variable_get().
 * Most protections are switched off (0) here and must be enabled by an
 * administrator. The exceptions visible in this function are Origin-based
 * CSRF protection ('origin' => 1) and the X-Frame-Options setting, which is
 * SECKIT_X_FRAME_SAMEORIGIN.
 *
 * @return array
 *   Nested array of defaults keyed by: seckit_xss, seckit_csrf,
 *   seckit_clickjacking, seckit_ssl, seckit_ct, seckit_fp, seckit_various
 *   and seckit_advanced.
 *
 * @see _seckit_get_options()
 */
function _seckit_get_options_defaults() {
  // Content Security Policy (CSP). 'checkbox' => 0 leaves CSP disabled by
  // default. Only default-src is pre-filled ('self'); every other directive
  // starts empty, and reports go to SECKIT_CSP_REPORT_URL.
  $csp = array(
    'checkbox' => 0,
    // NOTE(review): presumably toggles for vendor-prefixed CSP header
    // variants - confirm against the code that emits the headers.
    'vendor-prefix' => array(
      'x' => 0,
      'webkit' => 0,
    ),
    'report-only' => 0,
    'default-src' => "'self'",
    'script-src' => '',
    'object-src' => '',
    'style-src' => '',
    'img-src' => '',
    'media-src' => '',
    'frame-src' => '',
    'frame-ancestors' => '',
    'child-src' => '',
    'font-src' => '',
    'connect-src' => '',
    'report-uri' => SECKIT_CSP_REPORT_URL,
    'policy-uri' => '',
    'upgrade-req' => '',
  );

  // X-XSS-Protection header. The constant is defined elsewhere; its name
  // suggests the header handling is off by default - confirm.
  $x_xss = array(
    'select' => SECKIT_X_XSS_DISABLE,
  );

  // Origin-based CSRF protection is enabled by default, with an empty
  // whitelist of additional origins.
  $csrf = array(
    'origin' => 1,
    'origin_whitelist' => '',
  );

  // Clickjacking. The JS + CSS + noscript protection stays off so that the
  // site does not require JavaScript by default.
  $clickjacking = array(
    'x_frame' => SECKIT_X_FRAME_SAMEORIGIN,
    'x_frame_allow_from' => '',
    'js_css_noscript' => 0,
    'noscript_message' => t('Sorry, you need to enable JavaScript to visit this website.'),
  );

  // HSTS is off by default.
  // NOTE(review): if 'hsts_max_age' is passed through as the header's
  // max-age (seconds), 1000 is under 17 minutes; whoever enables HSTS should
  // set this value deliberately - confirm the unit against the header code.
  $ssl = array(
    'hsts' => 0,
    'hsts_max_age' => 1000,
    'hsts_subdomains' => 0,
    'hsts_preload' => 0,
  );

  // Expect-CT is off by default, not enforcing, and has no report URI.
  $ct = array(
    'expect_ct' => 0,
    'max_age' => 1000,
    'report-uri' => '',
    'enforce' => 0,
  );

  // Feature policy is off by default with an empty policy string.
  $fp = array(
    'feature_policy' => 0,
    'feature_policy_policy' => '',
  );

  // Miscellaneous options, all off by default.
  $various = array(
    'referrer_policy' => 0,
    'referrer_policy_policy' => '',
    'from_origin' => 0,
    'from_origin_destination' => 'same',
    'disable_autocomplete' => 0,
  );

  // Advanced / Development options. SecKit itself is not disabled, and
  // 'unlimited_csp_reports' is 0; the report size and flood limits come from
  // the SECKIT_CSP_REPORT_* constants defined elsewhere.
  $advanced = array(
    'disable_seckit' => 0,
    'unlimited_csp_reports' => 0,
    'csp_limits' => array(
      'max_size' => SECKIT_CSP_REPORT_MAX_SIZE,
      'flood' => array(
        'limit_user' => SECKIT_CSP_REPORT_FLOOD_LIMIT_USER,
        'window_user' => SECKIT_CSP_REPORT_FLOOD_WINDOW_USER,
        'limit_global' => SECKIT_CSP_REPORT_FLOOD_LIMIT_GLOBAL,
        'window_global' => SECKIT_CSP_REPORT_FLOOD_WINDOW_GLOBAL,
      ),
    ),
  );

  // Key order mirrors the order in which the variables were originally
  // declared, so iteration over the result is unchanged.
  return array(
    'seckit_xss' => array(
      'csp' => $csp,
      'x_xss' => $x_xss,
    ),
    'seckit_csrf' => $csrf,
    'seckit_clickjacking' => $clickjacking,
    'seckit_ssl' => $ssl,
    'seckit_ct' => $ct,
    'seckit_fp' => $fp,
    'seckit_various' => $various,
    'seckit_advanced' => $advanced,
  );
}