forked from fa/breadcrumb-the-shire
Apply consistent security settings to both environments so issues surface early in development rather than first appearing in prod. Both environments: - expose_php=Off — hide PHP version from X-Powered-By - allow_url_include=Off — prevent remote file inclusion - open_basedir=/var/www:/tmp — restrict filesystem access - disable_functions — block shell execution functions unused by the app - Session: strict_mode, httponly, samesite=Lax, use_only_cookies Production additionally: - display_errors=0, log_errors=1 - session.cookie_secure=1 (HTTPS-only) Removed deprecated sid_length/sid_bits_per_character (PHP 8.5+). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
588 B
588 B