From fed813e6e0e329f734aaa939de21a76f61a22f01 Mon Sep 17 00:00:00 2001
From: EL Abquina
Date: Mon, 20 Apr 2020 15:50:01 +0800
Subject: [PATCH] Previous Theme's Functions.php settings
---
 web/wp-content/themes/dctx2/functions.php | 29 +++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/web/wp-content/themes/dctx2/functions.php b/web/wp-content/themes/dctx2/functions.php
index ed42b257..2627057d 100644
--- a/web/wp-content/themes/dctx2/functions.php
+++ b/web/wp-content/themes/dctx2/functions.php
@@ -239,3 +239,32 @@ function dctx_widgets_init() {
  * Scaffolding Library.
  */
 require get_template_directory() . '/inc/scaffolding.php';
+
+/**
+ * Security entries from Previous Theme
+ */
+
+add_filter( 'the_generator', '__return_null' );
+
+add_filter( 'xmlrpc_enabled', '__return_false' );
+
+/**
+ * Add security headers for Nginx based sites
+ *
+ * @param [type] $headers add security headers as array.
+ *
+ * @return array
+ */
+function additional_securityheaders( $headers ) {
+ if ( ! is_admin() ) {
+ $headers['Referrer-Policy'] = 'no-referrer-when-downgrade';
+ $headers['X-Content-Type-Options'] = 'nosniff';
+ $headers['XX-XSS-Protection'] = '1; mode=block';
+ $headers['Feature-Policy'] = 'geolocation "none" ; camera "none"';
+ $headers['X-Frame-Options'] = 'SAMEORIGIN';
+ $headers['Content-Security-Policy'] = "script-src-elem 'self' 'unsafe-inline' https://www.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.gstatic.com https://cdn.datatables.net; script-src 'unsafe-inline' 'unsafe-eval' https://www.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com https://js-agent.newrelic.com/";
+ }
+
+ return $headers;
+}
+add_filter( 'wp_headers', 'additional_securityheaders' );
\ No newline at end of file
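Review bot: Two of the headers set in `additional_securityheaders()` will not take effect as written: `XX-XSS-Protection` is a misspelled header name that browsers ignore, and the Feature-Policy allowlist keyword has to be single-quoted, so those lines should read `$headers['X-XSS-Protection'] = '1; mode=block';` and `$headers['Feature-Policy'] = "geolocation 'none'; camera 'none'";`. The Content-Security-Policy offers little script protection because both `script-src-elem` and `script-src` carry `'unsafe-inline'` (and `script-src` also `'unsafe-eval'`), there is no `default-src`, `object-src` or `base-uri`, and `script-src` omits `'self'`, so a browser that does not implement `script-src-elem` would fall back to it and block the theme's own script files. Consider shipping the policy as `Content-Security-Policy-Report-Only` first and moving inline scripts to nonces or hashes before enforcing it. The `xmlrpc_enabled` filter only turns off XML-RPC methods that require authentication, so `pingback.ping` stays reachable unless it is also removed through the `xmlrpc_methods` filter or `xmlrpc.php` is blocked at the web server. The docblock placeholder `@param [type]` should be `@param array $headers`.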