author | Lukas Fleischer <lfleischer@archlinux.org> | 2017-11-05 08:36:23 +0100 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2017-11-05 08:36:23 +0100 |
commit | c859e371b0b94bb7ac2db7f7dfaf742a4a1fc6d9 (patch) | |
tree | 63df303a67f8dc6b95596d1b48bd6d6ae281fc55 | |
parent | 6c95fa3d1e4b5f7911b2dbdb94517baeafce11b3 (diff) | |
download | aur-c859e371b0b94bb7ac2db7f7dfaf742a4a1fc6d9.tar.gz aur-c859e371b0b94bb7ac2db7f7dfaf742a4a1fc6d9.tar.xz |
Set X-Frame-Options to DENY for all pages
Do not allow to render aurweb pages in a frame to protect against
clickjacking.
Fixes FS#56168.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r-- | web/lib/aur.inc.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php index ce569ea7..6cd04515 100644 --- a/web/lib/aur.inc.php +++ b/web/lib/aur.inc.php @@ -4,6 +4,7 @@ header('Content-Type: text/html; charset=utf-8'); header('Cache-Control: no-cache, must-revalidate'); header('Expires: Tue, 11 Oct 1988 22:00:00 GMT'); // quite a special day header('Pragma: no-cache'); +header('X-Frame-Options: DENY'); date_default_timezone_set('UTC'); |
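Review bot: The added header('X-Frame-Options: DENY'); line after the Pragma header sets only the legacy framing control. Consider also sending Content-Security-Policy: frame-ancestors 'none' next to it, which is the standardized equivalent and is the one browsers with CSP support act on. Separately, the header is emitted from web/lib/aur.inc.php, so the "all pages" wording in the commit message holds only for entry points that include this file before producing output. The hunk does not show that, so it is worth confirming that no page or endpoint is served without going through this include.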