From 1a221e031090383905be7d7be53578c7581642d0 Mon Sep 17 00:00:00 2001
From: FusionPBX <mark@fusionpbx.com>
Date: Wed, 15 Oct 2025 21:43:14 -0600
Subject: [PATCH] Add security headers for non-CLI execution

Add security headers conditionally for non-CLI requests
---
 resources/require.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/resources/require.php b/resources/require.php
index 3bc2b1f653..d4633a6693 100644
--- a/resources/require.php
+++ b/resources/require.php
@@ -89,11 +89,13 @@
 	$database = database::new(['config' => $config]);
 
 //security headers
-	header("X-Frame-Options: SAMEORIGIN");
-	header("Content-Security-Policy: frame-ancestors 'self';");
-	header("X-Content-Type-Options: nosniff");
-	header("Referrer-Policy: strict-origin-when-cross-origin");
-	//header("Strict-Transport-Security: max-age=63072000; includeSubDomains; preload");
+	if (!defined('STDIN')) {
+		header("X-Frame-Options: SAMEORIGIN");
+		header("Content-Security-Policy: frame-ancestors 'self';");
+		header("X-Content-Type-Options: nosniff");
+		header("Referrer-Policy: strict-origin-when-cross-origin");
+		//header("Strict-Transport-Security: max-age=63072000; includeSubDomains; preload");
+	}
 
 //start the session if not using the command line
 	global $no_session;