Author: asanso
Date: Wed Dec 23 19:21:29 2015
New Revision: 1721570
URL: http://svn.apache.org/viewvc?rev=1721570&view=rev
Log:
SLING-5393 - Add default X-Frame-Options header to defend against Clickjacking
Modified:
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
Modified:
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java?rev=1721570&r1=1721569&r2=1721570&view=diff
==============================================================================
---
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
(original)
+++
sling/trunk/bundles/engine/src/main/java/org/apache/sling/engine/impl/SlingMainServlet.java
Wed Dec 23 19:21:29 2015
@@ -111,7 +111,7 @@ public class SlingMainServlet extends Ge
private static final String PROP_SERVER_INFO = "sling.serverinfo";
- @Property(value = {"X-Content-Type-Options=nosniff"},
+ @Property(value = {"X-Content-Type-Options=nosniff",
"X-Frame-Options=SAMEORIGIN"},
label = "Additional response headers",
description = "Provides mappings for additional response headers "
+ "Each entry is of the form 'bundleId [ \":\"
responseHeaderName ] \"=\" responseHeaderValue' ",
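Review bot: Adding `"X-Frame-Options=SAMEORIGIN"` to the `@Property` default only changes the value used when nothing is configured. An instance whose stored OSGi configuration already sets this property presumably keeps its old list and gains no clickjacking protection from this commit. The `description` text should say so, for example by appending `+ "Defaults set X-Content-Type-Options=nosniff and X-Frame-Options=SAMEORIGIN; a configured value replaces these defaults, so keep both entries unless cross-origin framing is required."`. The upgrade or release notes should likewise tell operators with an existing configuration to add the entry by hand. Deployments that legitimately embed Sling content from another origin will stop rendering in the frame under the new default, which is worth stating alongside the override instructions. The annotation continues past the end of the hunk, so the remaining attributes were not reviewed.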