- Make session cookies only available via HTTP (prevent access from JavaScript)
- Only log PHP errors instead of displaying them in production.
  Displaying errors may give attackers hints on how to exploit the application
- Set HTTP headers:
  - X-Frame-Options: DENY
    Prevent Clickjacking attacks, see: http://en.wikipedia.org/wiki/Clickjacking
  - X-Content-Type-Options: nosniff
    Prevent code injection via MIME type sniffing
Former-commit-id: 4ca925874c
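A check for the settings listed in the commit message above, added here as an example (it is not code from the commit or from the project). The two sample responses, the function name `audit` and the finding labels are constructed for illustration.

```python
import re

# Constructed sample responses (not captured from any real deployment).
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Login</body></html>"
)
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<b>Warning</b>: include(config.php): failed to open stream in "
    "<b>/var/www/index.php</b> on line <b>12</b>"
)

# Shape of PHP's HTML error output when errors are displayed to the client.
PHP_ERROR = re.compile(
    r"<b>(Warning|Notice|Fatal error|Parse error|Deprecated)</b>:"
    r".*on line <b>\d+</b>", re.S)

def audit(raw):
    """Return a list of findings for one raw HTTP response (hypothetical helper)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    values = lambda name: [v for n, v in headers if n == name]

    findings = []
    # Every cookie must carry the HttpOnly attribute (no access from JavaScript).
    for cookie in values("set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            findings.append("cookie-without-httponly:" + cookie.split("=", 1)[0])
    # Exactly one X-Frame-Options header, set to DENY.
    if [v.upper() for v in values("x-frame-options")] != ["DENY"]:
        findings.append("x-frame-options-not-deny")
    # Exactly one X-Content-Type-Options header, set to nosniff.
    if [v.lower() for v in values("x-content-type-options")] != ["nosniff"]:
        findings.append("x-content-type-options-not-nosniff")
    # Error text in the body means errors are displayed rather than only logged.
    if PHP_ERROR.search(body):
        findings.append("php-error-displayed")
    return findings
```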
Adding composer support thanks to @evert. SabreDAV is now installed as a dependency using composer. Thanks @evert, this is awesome :)
Former-commit-id: b523f5fec4
* Improved packaging scripts
* Corrected magic_quotes_gpc in .htaccess; this is now handled by Flakes via PHP code
* BASEURI problems corrected
Former-commit-id: afb10b8ae3