clickjacking protection: set X-Frame-Options SAMEORIGIN, RT#39607
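--- a/FS/FS/Mason/Request.pm
+++ b/FS/FS/Mason/Request.pm
@@ -5,6 +5,7 @@ use warnings;
 use vars qw( $FSURL $QUERY_STRING );
 use base 'HTML::Mason::Request';
 use FS::Trace;
+use FS::access_user_log;
 $FSURL = 'http://Set/FS_Mason_Request_FSURL/in_standalone_mode/';
 $QUERY_STRING = '';
@@ -64,6 +65,10 @@ sub freeside_setup {
 if fileno(STDOUT) != 1;
 }
+ FS::Trace->log(' adding headers');
+ #frame-ancestors not supported by all the major browsers yet
+ $HTML::Mason::Commands::r->header_out( 'X-Frame-Options', 'SAMEORIGIN' );
+
 if ( $filename =~ qr(/REST/\d+\.\d+/NoAuth/) ) {
 FS::Trace->log(' handling RT REST/NoAuth file');
@@ -109,6 +114,10 @@ sub freeside_setup {
 FS::Trace->log(' UTF-8-decoding form data');
 #
 foreach my $param ( $cgi->param ) {
+
+ #we can't switch to multi_param until we're done supporting deb 7
+ local($CGI::LIST_CONTEXT_WARN) = 0;
+
 my @values = $cgi->param($param);
 next if $cgi->uploadInfo($values[0]);
 #warn $param;
@@ -118,6 +127,8 @@ sub freeside_setup {
 }
 }
+ FS::access_user_log->insert_new_path( $filename );
+
 FS::Trace->log(' done');
 }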
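Review bot: In the second hunk the X-Frame-Options header is set with `header_out`, which as far as I know is not carried onto error responses, so an error page produced for the same request would still be frameable; `$HTML::Mason::Commands::r->err_header_out( 'X-Frame-Options', 'SAMEORIGIN' );` is sent on both normal and error responses. The call also dereferences `$HTML::Mason::Commands::r` unconditionally, while the `$FSURL` default in the first hunk suggests a standalone mode exists; if freeside_setup can run there without a request object this line would die, so a guard such as `if $HTML::Mason::Commands::r;` may be needed, which is worth confirming against the callers. Responses that never pass through freeside_setup (static files served directly by the web server, if there are any) get no header from this change, so a server-level setting may still be wanted. freeside_setup's body begins and ends outside the visible hunks.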