X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2FMason%2FRequest.pm;h=99a8daa60dbc986fda3edd23db279d9b97a636a8;hb=20f03d52cc6c930f610c0b4466eeeeda54fdbb40;hp=1e2555a76e9a284e6a3e70b375ad8ff2dba0a759;hpb=3ff1fb4e10fdaef86527c10bd416e988d2a62a49;p=freeside.git

diff --git a/FS/FS/Mason/Request.pm b/FS/FS/Mason/Request.pm
index 1e2555a76..99a8daa60 100644
--- a/FS/FS/Mason/Request.pm
+++ b/FS/FS/Mason/Request.pm
@@ -4,6 +4,7 @@ use strict;
 use warnings;
 use vars qw( $FSURL $QUERY_STRING );
 use base 'HTML::Mason::Request';
+use IO::Handle;
 use FS::Trace;
 
 $FSURL = 'http://Set/FS_Mason_Request_FSURL/in_standalone_mode/';
@@ -45,12 +46,11 @@ my $protect_fds;
 sub freeside_setup {
     my( $class, $filename, $mode ) = @_;
 
-    FS::Trace->log('    protecting fds');
-
     #from rt/bin/webmux.pl(.in)
     if ( !$protect_fds && $ENV{'MOD_PERL'} && exists $ENV{'MOD_PERL_API_VERSION'}
         && $ENV{'MOD_PERL_API_VERSION'} >= 2
     ) {
+        FS::Trace->log('    protecting fds');
         # under mod_perl2, STDIN and STDOUT get closed and re-opened,
         # however they are not on FD 0 and 1.  In this case, the next
         # socket that gets opened will occupy one of these FDs, and make
@@ -64,6 +64,12 @@ sub freeside_setup {
             if fileno(STDOUT) != 1;
     }
 
+    if ( $HTML::Mason::Commands::r ) {
+      FS::Trace->log('    adding headers');
+      #frame-ancestors not supported by all the major browsers yet
+      $HTML::Mason::Commands::r->header_out( 'X-Frame-Options', 'SAMEORIGIN' );
+    }
+
     if ( $filename =~ qr(/REST/\d+\.\d+/NoAuth/) ) {
 
       FS::Trace->log('    handling RT REST/NoAuth file');
@@ -93,7 +99,7 @@ sub freeside_setup {
         $cgi = new CGI;
         setcgi($cgi);
 
-        #cgisuidsetup is gone, adminsuidsetup is now done in AuthCookieHandler
+        #cgisuidsetup is gone, equivalent is now done in AuthCookieHandler
 
         $fsurl = rooturl();
         $p = popurl(2);
@@ -110,6 +116,10 @@ sub freeside_setup {
       FS::Trace->log('    UTF-8-decoding form data');
       #
       foreach my $param ( $cgi->param ) {
+        
+        #we can't switch to multi_param until we're done supporting deb 7
+        local($CGI::LIST_CONTEXT_WARN) = 0;
+
         my @values = $cgi->param($param);
         next if $cgi->uploadInfo($values[0]);
         #warn $param;