external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Set X-Frame-Options to DENY for all pages

Browse source 
Do not allow to render aurweb pages in a frame to protect against
clickjacking.

Fixes FS#56168.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This commit is contained in:
Lukas Fleischer 2017-11-05 08:36:23 +01:00
parent 6c95fa3d1e
commit c859e371b0
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
web/lib/aur.inc.php
View file

@ -4,6 +4,7 @@ header('Content-Type: text/html; charset=utf-8');
header('Cache-Control: no-cache, must-revalidate'); header('Cache-Control: no-cache, must-revalidate');
header('Expires: Tue, 11 Oct 1988 22:00:00 GMT'); // quite a special day header('Expires: Tue, 11 Oct 1988 22:00:00 GMT'); // quite a special day
header('Pragma: no-cache'); header('Pragma: no-cache');
header('X-Frame-Options: DENY');
date_default_timezone_set('UTC'); date_default_timezone_set('UTC');