author | Ivan Kohler <ivan@freeside.biz> | 2016-01-05 09:09:10 -0800 |
---|---|---|
committer | Ivan Kohler <ivan@freeside.biz> | 2016-01-05 09:09:10 -0800 |
commit | b3d694a31fe4ba77c987bbc84a02ba8b277a37f2 (patch) | |
tree | ab873ce94d8b5315ef0b214f82b27d41a447690c /FS | |
parent | 0070abc9190436fc6cc6ff908345bb24e19e388a (diff) |
clickjacking protection: set X-Frame-Options SAMEORIGIN, RT#39607
Diffstat (limited to 'FS')
-rw-r--r-- | FS/FS/Mason/Request.pm | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/FS/FS/Mason/Request.pm b/FS/FS/Mason/Request.pm
index 2cf1ed9e0..b33efcc17 100644
--- a/FS/FS/Mason/Request.pm
+++ b/FS/FS/Mason/Request.pm
@@ -65,6 +65,10 @@ sub freeside_setup {
 if fileno(STDOUT) != 1;
 }
+ FS::Trace->log(' adding headers');
+ #frame-ancestors not supported by all the major browsers yet
+ $HTML::Mason::Commands::r->header_out( 'X-Frame-Options', 'SAMEORIGIN' );
+
 if ( $filename =~ qr(/REST/\d+\.\d+/NoAuth/) ) {
 FS::Trace->log(' handling RT REST/NoAuth file'); |
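Review bot: The added `header_out` call puts X-Frame-Options only in the normal response header table, which Apache does not send on error responses or carry across internal redirects, so error pages served through this handler can still be framed. The error-header table covers both cases, e.g. `$HTML::Mason::Commands::r->err_header_out( 'X-Frame-Options', 'SAMEORIGIN' );`, assuming the request object in use provides it alongside `header_out`. The call also dereferences `$HTML::Mason::Commands::r` without a check; freeside_setup starts and ends outside this hunk, so whether it can run without an Apache request object is not visible here and is worth confirming. Responses that never pass through this function (static files, for instance) would need the header set in the web server configuration instead.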