diff options
| author | Reed Loden <reed@reedloden.com> | 2010-12-18 09:40:24 +0100 |
|---|---|---|
| committer | Reed Loden <reed@reedloden.com> | 2010-12-18 09:40:24 +0100 |
| commit | c9c81ee7156fc47d834317644baa25cec7cf16e4 (patch) | |
| tree | 532fa36c8aeabfc9a3397dc78b67aa6bf6f5a0e8 /Bugzilla | |
| parent | 374ee5c8a6ad04213de38be4557398bb458219a9 (diff) | |
| download | bugzilla-c9c81ee7156fc47d834317644baa25cec7cf16e4.tar.gz bugzilla-c9c81ee7156fc47d834317644baa25cec7cf16e4.tar.xz | |
Bug 475894 - Send the 'X-Frame-Options: SAMEORIGIN' header to help protect against clickjacking.
[r=mkanat a=mkanat]
Diffstat (limited to 'Bugzilla')
| -rw-r--r-- | Bugzilla/CGI.pm | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm index b32f76ae0..7c42d6f63 100644 --- a/Bugzilla/CGI.pm +++ b/Bugzilla/CGI.pm @@ -287,6 +287,12 @@ sub header { unshift(@_, '-strict_transport_security' => $sts_opts); } + # Add X-Frame-Options header to prevent framing and subsequent + # possible clickjacking problems. + unless ($self->url_is_attachment_base) { + unshift(@_, '-x_frame_options' => 'SAMEORIGIN'); + } + return $self->SUPER::header(@_) || ""; } |