author | Ivan Kohler <ivan@freeside.biz> | 2016-01-05 09:09:08 -0800 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2016-01-05 09:09:08 -0800 |
commit | b36fd164c990208bb1c37f40ee1887996442f94e (patch) | |
tree | 00e65d7f1d112d2744f6b1df49255a9b6c0faf79 /FS/FS/Mason | |
parent | d0fc25693dd91869c6e1fe1372bcae35fde1a827 (diff) |
clickjacking protection: set X-Frame-Options SAMEORIGIN, RT#39607
Diffstat (limited to 'FS/FS/Mason')
-rw-r--r-- | FS/FS/Mason/Request.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/FS/FS/Mason/Request.pm b/FS/FS/Mason/Request.pm
index 2cf1ed9..b33efcc 100644
--- a/FS/FS/Mason/Request.pm
+++ b/FS/FS/Mason/Request.pm
@@ -65,6 +65,10 @@ sub freeside_setup {
 if fileno(STDOUT) != 1;
 }
+ FS::Trace->log(' adding headers');
+ #frame-ancestors not supported by all the major browsers yet
+ $HTML::Mason::Commands::r->header_out( 'X-Frame-Options', 'SAMEORIGIN' );
+
 if ( $filename =~ qr(/REST/\d+\.\d+/NoAuth/) ) {
 FS::Trace->log(' handling RT REST/NoAuth file'); |
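Review bot: The added `header_out` call sends only X-Frame-Options, although the comment above it already names `frame-ancestors` as the intended control; the two do not conflict, so the CSP directive can be sent alongside it, `$HTML::Mason::Commands::r->header_out( 'Content-Security-Policy', "frame-ancestors 'self'" );`, and browsers without CSP support keep falling back to X-Frame-Options. If another Content-Security-Policy is set elsewhere in the stack, confirm how the two combine before adding this one. The header is set inside freeside_setup, whose body starts and ends outside the hunk, so it presumably covers only responses served through this Mason handler; static files and Apache-generated error pages would need the header set in the server configuration as well.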