Set X-Frame-Options to DENY for all pages

Do not allow to render aurweb pages in a frame to protect against clickjacking. Fixes FS#56168. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2025-02-03 10:43:03 +01:00 · 2017-11-05 08:36:23 +01:00 · 2017-11-05 08:36:23 +01:00 · c859e371b0
commit c859e371b0
parent 6c95fa3d1e
1 changed files with 1 additions and 0 deletions
--- a/web/lib/aur.inc.php
+++ b/web/lib/aur.inc.php
@ -4,6 +4,7 @@ header('Content-Type: text/html; charset=utf-8');
 header('Cache-Control: no-cache, must-revalidate');
 header('Expires: Tue, 11 Oct 1988 22:00:00 GMT'); // quite a special day
 header('Pragma: no-cache');
+header('X-Frame-Options: DENY');

 date_default_timezone_set('UTC');